Is this network architecture possible?

Jeremy KEBIR 20 Reputation points
2023-07-04T14:42:24.07+00:00

Hello Everyone,

I have recently created this architecture for a customer:

[architecture diagram image]

As you can see, my need is to communicate from my Point-to-Site connection on my GW2 to my Site-to-Site connection on my GW1.

As you can imagine, an S2S connection between my GW1 and GW2 was deployed, and I allowed all my subnets to transit over this connection.

I have also created routing tables on my two VNETs that allow my flows to be correctly routed.

And finally, my service provider has authorized the IP address range (172.16.102.0/24) to transit over the site-to-site connection on my GW1.

Here we are: it didn't work. The purpose of this post is just to find out whether this type of architecture is possible for my needs.

If you need any further details, don't hesitate to contact me.

I haven't explained why I created this architecture, but unfortunately it's a choice made by my customer, who has a few Linux machines that unfortunately can't connect to the Point-to-Site VPN currently present on the GW1 because of client incompatibilities and security needs with Azure AD authentication.

Thank you.

Best regards,

Jeremy KEBIR


Accepted answer
KapilAnanth-MSFT 48,411 Reputation points Microsoft Employee
2023-07-05T06:25:50.2166667+00:00

@Jeremy KEBIR

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

I understand that you would like to connect your P2S Clients on Gateway1 to your OnPrem Site connected to Gateway2.

Yes, this is very much feasible.

You should not add any route tables to achieve it.

• With BGP enabled in both the S2S Connections:
  • Between AzureGW1 and AzureGW2
  • Between AzureGW1 and OnPrem
• Redownloading the P2S configuration once again should include the routes for the OnPrem site.

Kindly let us know if this helps or you need further assistance on this issue.

Thanks,

Kapil

Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.
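A way to verify the BGP-based setup the answer describes, added here as an example and not part of the thread: after enabling BGP on both S2S connections, the S2S gateway (GW1 in the question's naming) must have learned the P2S pool from GW2 and be advertising it to the provider, and the P2S gateway (GW2) must have learned the on-prem prefix, otherwise the redownloaded P2S profile cannot contain it. The script checks this against the JSON that `az network vnet-gateway list-learned-routes` / `list-advertised-routes` print; the field names are assumed to match the CLI output, and all addressing except the 172.16.102.0/24 pool from the post is constructed.

```python
import ipaddress

BGP_ORIGINS = ("EBgp", "IBgp")   # origin values reported for routes learned over BGP


def routes_covering(routes, prefix, bgp_only=False):
    """Entries of a learned/advertised-routes document whose network covers `prefix`.

    `routes` is the JSON object printed by `az network vnet-gateway
    list-learned-routes` or `list-advertised-routes` (field names assumed).
    """
    want = ipaddress.ip_network(prefix)
    return [r for r in routes["value"]
            if ipaddress.ip_network(r["network"]).supernet_of(want)
            and (not bgp_only or r["origin"] in BGP_ORIGINS)]


def transit_gaps(gw1_learned, gw1_advertised, gw2_learned, p2s_pool, onprem_prefix):
    """What is still missing for P2S (GW2) -> S2S (GW1) -> on-prem transit; empty list means ready."""
    gaps = []
    if not routes_covering(gw1_learned, p2s_pool, bgp_only=True):
        gaps.append(f"GW1 has not learned the P2S pool {p2s_pool} from GW2 over BGP")
    if not routes_covering(gw1_advertised, p2s_pool):
        gaps.append(f"GW1 is not advertising {p2s_pool} to the provider peer")
    if not routes_covering(gw2_learned, onprem_prefix, bgp_only=True):
        gaps.append(f"GW2 has not learned {onprem_prefix} over BGP, so the P2S profile will lack that route")
    return gaps


def route(network, origin, peer):
    """Constructed route entry in the CLI's shape; only the fields the checks use matter."""
    return {"network": network, "origin": origin, "nextHop": peer,
            "sourcePeer": peer, "asPath": "", "weight": 32768}


# Constructed sample data: only the 172.16.102.0/24 P2S pool comes from the post.
P2S_POOL, ONPREM = "172.16.102.0/24", "192.168.50.0/24"
GW1_LEARNED = {"value": [route("10.1.0.0/16", "Network", "10.1.255.254"),
                         route(P2S_POOL, "EBgp", "10.2.255.254"),
                         route(ONPREM, "EBgp", "203.0.113.10")]}
GW1_ADVERTISED = {"value": [route("10.1.0.0/16", "Network", "10.1.255.254"),
                            route("10.2.0.0/16", "EBgp", "10.2.255.254"),
                            route(P2S_POOL, "EBgp", "10.2.255.254")]}
GW2_LEARNED = {"value": [route("10.2.0.0/16", "Network", "10.2.255.254"),
                         route("10.1.0.0/16", "EBgp", "10.1.255.254"),
                         route(ONPREM, "EBgp", "10.1.255.254")]}

if __name__ == "__main__":
    # With real gateways, load the CLI's JSON output (json.load) in place of the samples above.
    for line in transit_gaps(GW1_LEARNED, GW1_ADVERTISED, GW2_LEARNED, P2S_POOL, ONPREM) or ["transit path complete"]:
        print(line)
```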

