Site-to-Site VPN between Azure and Meraki MX Firewall local VLan with tag 300 not accessible from Azure

Michael Adcock 20 Reputation points
2024-04-22T16:24:09.5166667+00:00

I successfully created a Site-to-Site VPN connection between my local network and our Azure infrastructure. Our default VLAN is 192.168.192.0/24, and any resource on that subnet is accessible in Azure. However, we have a VLAN (tagged 300) on our local network with the subnet 192.168.193.0/24, and none of the resources are accessible.

For example, the VLAN gateway is 192.168.193.1. In the Azure Local network gateway, I've tried to add two records of 192.168.192.0/24 and 192.168.193.0/24 in the Address Space(s). Although I could reach anything on the 192.168.192.0 subnet, I still couldn't reach anything on the 192.168.193.0/24. So, I tried to only add one record that covered both subnets in the Azure Local network gateway Address Space(s): 192.168.192.0**/23**, but this didn't work either.

From our local network firewall, the resources on the 192.168.193.0/24 subnet can be pinged.

User's image

From Azure VM

User's image

From Local PCUser's image

Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,404 questions
Azure
Azure
A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.
1,007 questions
0 comments No comments
{count} votes

Accepted answer
  1. hossein jalilian 4,285 Reputation points
    2024-04-22T19:07:53.2166667+00:00

    Thanks for posting your question in the Microsoft Q&A forum.

    • Ensure that the on-premises VPN device is configured to advertise or route traffic for both the 192.168.192.0/24 and 192.168.193.0/24 subnets over the site-to-site VPN connection.
    • In the Azure portal, navigate to the Local Network Gateway resource associated with your on-premises network. Update the "Address Space" field to include both subnets as separate entries. after updating the Local Network Gateway address space, try resetting the Azure VPN Gateway associated with the site-to-site connection.
    192.168.192.0/24
    192.168.193.0/24
    
    

    Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful

    0 comments No comments

0 additional answers

Sort by: Most helpful