How to allow transit on vpn azure gateway on peered vnet?

Question

How to allow transit on vpn azure gateway on peered vnet?

Gabriele Martini 10

I have already connected a vnet through a vpn gateway (site to site) with on premises resources.

I created a new vnet in a different resource group.
I've made a peer connectiong between the 2 vnet and allow the new one to use the gateway to redirect traffic on premises.
The connection between the 2 vnets works. However the new one do not forward traffic to on prem resource.
Do i miss something? On network interface i see the effective routes but the communication do not work.

Ganesh Patapati 6,915 Reputation points Microsoft External Staff Moderator

2024-10-28T17:07:12.1933333+00:00
Hello Gabriele Martini,

Greetings,

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

In the Azure portal, create or update the virtual network peering from the Hub-RM. Go to the Hub-RM virtual network. Select Peerings, then + Add to open Add peering.

On the Add peering page, configure the values for Remote virtual network summary.

Peering link name: Name the link. Example: SpokeRMToHubRM

Virtual network deployment model: Resource Manager

I know my resource ID: Leave blank. You only need to select this if you don't have read access to the virtual network or subscription you want to peer with.

Subscription: Select the subscription.

Virtual Network: Spoke-RM

On the Add peering page, configure the values for Remote virtual network peering settings.

Allow 'Spoke-RM' to access 'Hub-RM': Leave the default of selected.

Allow 'Spoke-RM' to receive forwarded traffic from 'Hub-RM': Select the checkbox.

Allow gateway or route server in the peered virtual network to forward traffic to 'Hub-RM': Leave the default of un-selected.

Enable 'SpokeRM' to use 'Hub-RM's' remote gateway or route server: Select the checkbox.

On the Add peering page, configure the values for Local virtual network summary.

Peering link name: Name the link. Example: HubRMToSpokeRM

On the Add peering page, configure the values for Local virtual network peering settings.

Allow 'Hub-RM' to access the peered virtual network: Leave the default of selected.

Allow 'Hub-RM' to receive forwarded traffic from the peered virtual network: Select the checkbox.

Allow gateway or route server in 'Hub-RM' to forward traffic to the peered virtual network: Select the checkbox.

Enable 'Hub-RM' to use the peered virtual network's remote gateway or route server: Leave the default of un-selected.

Select Add to create the peering.

Verify the peering status as Connected on both virtual networks.

Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-peering-gateway-transit

Further you can follow these below steps to configure:

Please send me the Nic effective routes from the non-working VM.

Ping and Tracert for the Non-working VM.

If you are still facing any further issues, please don't hesitate to reach out to us. We are happy to assist you.

Looking forward to your response and appreciate your time on this.

Regards,

Ganesh
Ganesh Patapati 6,915 Reputation points Microsoft External Staff Moderator

2024-10-29T08:59:18.1866667+00:00

Hello Gabriele Martini,

Greetings of the day!

I would like to follow up with the thread.

Just checking in to see if you had a chance to see my response to your question. Please tell us if it was helpful and feel free to reach out to us if you have any queries.

Looking forward to your response and appreciate your time on this.

Cheers,

Ganesh
Gabriele Martini 10 Reputation points

2024-10-29T10:39:17.0833333+00:00

Hi Ganesh, Thanks for replay. Unfortunately i'm out of office and i couldn't read carefully your answer. I'll read as soon as i can and then i'll let you know. Regards
Ganesh Patapati 6,915 Reputation points Microsoft External Staff Moderator

2024-11-01T09:38:22.0233333+00:00
Hello Gabriele Martini,

Good day!

Please let me know once you tried this.

We are happy to assist you.

Regards,

Ganesh
Gabriele Martini 10 Reputation points

2024-11-01T09:47:22.3333333+00:00

Hi ganesh, i solved. It missed a configuration on a firewall on prem.Thanks
Ganesh Patapati 6,915 Reputation points Microsoft External Staff Moderator

2024-11-01T09:52:26.3933333+00:00
Hey Gabriele Martini,

Greetings

Please let me know whether my method helped you or you've achieved it on your own. If you did it yourself, please let me know what you missed during the configuration.

Regards,

Ganesh
Gabriele Martini 10 Reputation points

2024-11-01T10:20:07.6033333+00:00

Hi ganesh, i solved. It missed a configuration on a firewall on prem.Thanks

1 answer

Your answer

Ganesh Patapati 6,915 Reputation points Microsoft External Staff Moderator

2024-10-29T08:59:18.1866667+00:00

Hello Gabriele Martini,

Greetings of the day!

I would like to follow up with the thread.

Just checking in to see if you had a chance to see my response to your question. Please tell us if it was helpful and feel free to reach out to us if you have any queries.

Looking forward to your response and appreciate your time on this.

Cheers,

Ganesh
Gabriele Martini 10 Reputation points

2024-10-29T10:39:17.0833333+00:00

Hi Ganesh, Thanks for replay. Unfortunately i'm out of office and i couldn't read carefully your answer. I'll read as soon as i can and then i'll let you know. Regards
Ganesh Patapati 6,915 Reputation points Microsoft External Staff Moderator

2024-11-01T09:38:22.0233333+00:00

Hello Gabriele Martini,

Good day!

Please let me know once you tried this.

We are happy to assist you.

Regards,

Ganesh
Gabriele Martini 10 Reputation points

2024-11-01T09:47:22.3333333+00:00

Hi ganesh, i solved. It missed a configuration on a firewall on prem.Thanks
Ganesh Patapati 6,915 Reputation points Microsoft External Staff Moderator

2024-11-01T09:52:26.3933333+00:00

Hey Gabriele Martini,

Greetings

Please let me know whether my method helped you or you've achieved it on your own. If you did it yourself, please let me know what you missed during the configuration.

Regards,

Ganesh
Gabriele Martini 10 Reputation points

2024-11-01T10:20:07.6033333+00:00

Hi ganesh, i solved. It missed a configuration on a firewall on prem.Thanks

Answer 1

Ganesh Patapati 6,915 Microsoft External Staff Moderator

Hey Gabriele Martini

Greetings

Thank you for reaching out to us on the Microsoft Q&A forum.

As an original poster cannot accept their own answer, I am reposting it so that you can accept it an answer. Accepted answer will help other community members navigate to the appropriate solutions.

Issue: How to allow transit on vpn azure gateway on peered vnet?

Solution: I solved. It missed a configuration on a firewall on prem.

Please don’t forget to close the thread by clicking "Accept the answer" wherever the information helps you, as this can be beneficial to other community members.

Your contribution is greatly appreciated.

Regards,

Ganesh

Ganesh Patapati 6,915 Reputation points Microsoft External Staff Moderator

2024-11-01T10:31:10.59+00:00

Hello Gabriele Martini,

We appreciate your patience!

Please don’t forget to close the thread by clicking "Accept the answer" wherever the information helps you, as this can be beneficial to other community members.

Your contribution is greatly appreciated.

Regards,

Ganesh
Ganesh Patapati 6,915 Reputation points Microsoft External Staff Moderator

2024-11-01T12:08:43.66+00:00

Hello Gabriele Martini,

We appreciate your patience!

Please don’t forget to close the thread by clicking "Accept the answer" wherever the information helps you, as this can be beneficial to other community members.

Your contribution is greatly appreciated.

Regards,

Ganesh

Share via

How to allow transit on vpn azure gateway on peered vnet?

1 answer

Your answer