I have a Virtual machine that has a Private IP address only. I also have a site-to-site tunnel configured to Netskope. I want to route my VM's internet traffic should be via this Netskope tunnel public IP only. Because I want to whitelist this tunnel public IP in my other on-prem server. I have configured the Route table and added the rule 0.0.0.0/0 to the Virtual Network gateway after this the internet access is disabled. In my Virtual Network gateway, I have multiple local network gateway connections.

Hi @ Sudarshan Bhamare , the feature you are looking for to send Azure VM's internet traffic via VPN Gateway Site To Site tunnel is called forced tunneling . These articles are maybe helpful: About forced tunneling for site-to-site configurations Configure forced tunneling using Default Site for site-to-site connections (If the reply was helpful please don't forget to upvote and/or accept as answer , thank you) Regards Andreas Baumgarten

How to route traffic to internet via VPN gateway tunnel.

Accepted answer

Andreas Baumgarten 96,606 Reputation points MVP

2024-04-10T20:32:50.64+00:00

Hi @Sudarshan Bhamare ,

the feature you are looking for to send Azure VM's internet traffic via VPN Gateway Site To Site tunnel is called forced tunneling.

These articles are maybe helpful:

About forced tunneling for site-to-site configurations

Configure forced tunneling using Default Site for site-to-site connections

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards

Andreas Baumgarten
Please sign in to rate this answer.
Sudarshan Bhamare 45 Reputation points

2024-04-11T05:55:33.58+00:00

Thank you @Andreas Baumgarten for your time. I tried checking but was unable to get the documents for the existing VPN gateway is it possible to directly configure forced tunneling? Is there any option than forced tunneling ?

Andreas Baumgarten 96,606 Reputation points MVP

2024-04-11T06:03:49.45+00:00

Hi @Sudarshan Bhamare ,

the option for an Azure VPN Gateway is called "forced tunneling". I don't know if Netskope is using the same name and if the Netskope VPN solution is offering such a feature at all.

It might be an option to ask at Netskope directly.

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards

Andreas Baumgarten

Sudarshan Bhamare 45 Reputation points

2024-04-11T06:25:26.1366667+00:00

At the Azure end in Virtual Network Gateway can I configure it to the existing tunnel. I don't see any option in the Virtual Network gateway as well as in the Local network gateway for forced tunnelling.

Andreas Baumgarten 96,606 Reputation points MVP

2024-04-11T21:59:14.1633333+00:00

Hi @Sudarshan Bhamare ,

there is no option to configure the forced tunneling in the Azure VPN Gateway. The configuration is done via PowerShell:

Configure forced tunneling - Default Site

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards

Andreas Baumgarten

Sudarshan Bhamare 45 Reputation points

2024-04-12T06:13:39.7133333+00:00

Thank you I guess we are almost there. Will onfiguring forced tunneling - default site to specific subnet have any effect on my other subnet traffic and gatewat connections ?

KapilAnanth-MSFT 35,086 Reputation points Microsoft Employee

2024-04-15T06:07:29.5266667+00:00

@Sudarshan Bhamare ,

I see @Andreas Baumgarten has shared the documents to configure Forced Tunneling.

With your latest query, "Will onfiguring forced tunneling - default site to specific subnet have any effect on my other subnet traffic and gatewat connections ?"

I am afraid we did not understand the query.

If you configure Forced tunneling for one particular LNG, all internet traffic would go via this particular LNG.

In case you have other LNGs connected to your VPN Gw, only the private traffic (Traffic selectors advertised by the other LNGs), will go to the respective LNGs.

Kindly let us know if this helps or you need further assistance on this issue.

Thanks,

Kapil

Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.
Sign in to comment

How to route traffic to internet via VPN gateway tunnel.

0 additional answers