Connect resources in a virtual network to on premise resources through an IPSec tunnel present in another VNet

Shirisha Sudhakar Rao 0 Reputation points
2023-06-19T21:43:59.48+00:00

We already have an IPSec tunnel connected to on-prem resources.
We want to create resources in another virtual network and provide them with access to the resources on-prem through the IPSec tunnel.
How can we go about achieving this?


2 answers
  1. Jackson Martins 10,606 Reputation points MVP Volunteer Moderator
    2023-06-19T22:53:46.0066667+00:00

    Hi @Shirisha Sudhakar

    You will need a hub-and-spoke network architecture and enable gateway transit. Gateway transit allows spoke virtual networks to share the VPN gateway in the hub instead of deploying VPN gateways in every spoke virtual network.

    https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke?tabs=cli

    Diagram of Gateway transit.

    To set up VNet peering with gateway transit, see the documentation below:

    https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview

    https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-peering-gateway-transit

    Get in touch if you need more help with this issue.

    Please don't forget to "Accept the answer" if the reply is helpful.


  2. ChaitanyaNaykodi-MSFT 27,476 Reputation points Microsoft Employee Moderator
    2023-06-19T23:09:24.0633333+00:00

    @Shirisha Sudhakar Rao

    Thank you for reaching out.

    If I understand it correctly you have Azure VPN already set-up and connected to your on-prem resources and now you wish to add another virtual network in Azure and grant it access to your on-prem resources.

    Based on my understanding above, yes, this is possible. To enable this connectivity, you will need to peer the new virtual network with the virtual network containing your VPN Gateway. While setting up this peering you need to enable the Gateway Transit property. Gateway transit is a peering property that lets one virtual network use the VPN gateway in the peered virtual network for cross-premises connectivity. Routes to the gateway-connected virtual networks or on-premises networks will propagate to the routing tables of the peered virtual networks using gateway transit. You can follow this documentation for enabling this connectivity.

    Additional resources:

    https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering?tabs=peering-portal#create-a-peering

    https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering?tabs=peering-portal#requirements-and-constraints

    Hope this helps! Please let us know if you have any additional questions. Thank you!

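Both answers describe the same procedure: peer the new (spoke) VNet with the VNet that holds the VPN gateway (hub), set "allow gateway transit" on the hub side of the peering and "use remote gateways" on the spoke side, then confirm the on-premises prefixes show up in the spoke's effective routes. The script below is an added example of that procedure in Azure CLI; it is not code from either answer or from Microsoft's documentation. All resource names (rg-hub/vnet-hub, rg-spoke/vnet-spoke, the NIC name nic-spoke-vm01) and the subscription ID are hypothetical placeholders. It defaults to a dry run that prints the `az` commands it would issue; set `DRY_RUN=0` with a logged-in `az` to execute them.

```shell
#!/bin/sh
# Added example, not the thread's own code. Hypothetical names:
#   rg-hub/vnet-hub     existing VNet holding the VPN gateway and the IPsec connection
#   rg-spoke/vnet-spoke new VNet that must reach on-prem through that gateway
# DRY_RUN=1 (default) prints each az command; DRY_RUN=0 runs it.
set -eu

DRY_RUN="${DRY_RUN:-1}"
SUBSCRIPTION_ID="${SUBSCRIPTION_ID:-00000000-0000-0000-0000-000000000000}"  # placeholder
HUB_RG="${HUB_RG:-rg-hub}";       HUB_VNET="${HUB_VNET:-vnet-hub}"
SPOKE_RG="${SPOKE_RG:-rg-spoke}"; SPOKE_VNET="${SPOKE_VNET:-vnet-spoke}"

# Print the command line in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# ARM resource ID of a VNet: looked up with az, or synthesised from the names in dry-run mode.
vnet_id() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/virtualNetworks/%s\n' \
      "$SUBSCRIPTION_ID" "$1" "$2"
  else
    az network vnet show -g "$1" -n "$2" --query id -o tsv
  fi
}

# Step 1, hub side: this peering OFFERS the gateway, so it carries --allow-gateway-transit
# and never --use-remote-gateways (a VNet cannot both offer and consume a gateway).
create_hub_peering() {
  run az network vnet peering create \
    -g "$HUB_RG" --vnet-name "$HUB_VNET" -n "${HUB_VNET}-to-${SPOKE_VNET}" \
    --remote-vnet "$(vnet_id "$SPOKE_RG" "$SPOKE_VNET")" \
    --allow-vnet-access --allow-forwarded-traffic --allow-gateway-transit
}

# Step 2, spoke side: this peering CONSUMES the hub's gateway (--use-remote-gateways).
# Create it after step 1; the spoke must not have a VPN gateway of its own, and only one
# peering per VNet may use remote gateways.
create_spoke_peering() {
  run az network vnet peering create \
    -g "$SPOKE_RG" --vnet-name "$SPOKE_VNET" -n "${SPOKE_VNET}-to-${HUB_VNET}" \
    --remote-vnet "$(vnet_id "$HUB_RG" "$HUB_VNET")" \
    --allow-vnet-access --allow-forwarded-traffic --use-remote-gateways
}

# Step 3: the peering is only usable once both sides report "Connected".
check_peering_state() {
  run az network vnet peering show \
    -g "$SPOKE_RG" --vnet-name "$SPOKE_VNET" -n "${SPOKE_VNET}-to-${HUB_VNET}" \
    --query peeringState -o tsv
}

# Step 4: on a NIC in the spoke, list routes whose next hop is the hub's VPN gateway.
# The on-premises prefixes must appear here, or the transit is not in effect.
check_spoke_routes() {
  run az network nic show-effective-route-table -g "$SPOKE_RG" -n "$1" \
    --query "[?nextHopType=='VirtualNetworkGateway'].addressPrefix" -o tsv
}

create_hub_peering
create_spoke_peering
check_peering_state
check_spoke_routes "nic-spoke-vm01"   # hypothetical NIC of a VM in the spoke
```

Two things the peering does not do for you: the spoke's address space must not overlap the hub or any on-premises prefix, and the on-premises VPN device still needs a route (and, for a policy-based tunnel, a traffic selector) back to the spoke's address space, otherwise replies never reach the tunnel. Also note that gateway transit exposes every subnet in the spoke to the on-premises side; use network security groups on the spoke subnets to limit that reachability to the resources that actually need it.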
