Hi kyczernu
Greetings!
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
While you can create a custom route table and associate it with the SpokeA VNet, simply using a custom route table alone will not allow SpokeA to utilize the hub's VPN Gateway for outbound traffic to the on-premises network. Here’s why:
- Custom route tables can determine how traffic is routed within a VNet or between VNets. However, they do not automatically enable the use of the VPN Gateway in the hub. To direct traffic to the VPN Gateway, the routing table must be correctly configured to point to the gateway's IP address.
You may be able to achieve this, but it is quite complicated, with the help of "Deploy and configure Azure Firewall in a hybrid network by using the Azure portal".
Refer: https://learn.microsoft.com/en-us/azure/firewall/tutorial-hybrid-portal
You create custom routes by either creating user-defined routes (UDRs) or exchanging BGP routes between your on-premises network gateway and an Azure virtual network gateway.
Hope this clarifies!
If the above is unclear and/or you are unsure about something, add a comment below.
Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.
Regards,
Ganesh
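
Added example, not part of the answer above and not Microsoft's code: a small model of how Azure selects the next hop for traffic leaving a spoke subnet (longest prefix match first, then user-defined route over BGP route over system route), showing what changes when a BGP-learned route or a UDR pointing at a firewall is present. All prefixes, IP addresses, and variable names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Tie-break between routes with the same prefix: user-defined, then BGP, then system.
SOURCE_PRIORITY = {"User": 0, "BGP": 1, "Default": 2}

@dataclass(frozen=True)
class Route:
    prefix: str
    source: str          # "Default" (system), "BGP", or "User" (UDR)
    next_hop_type: str   # e.g. VnetLocal, VNetPeering, VirtualNetworkGateway
    next_hop_ip: str = ""

def select_route(routes, destination):
    """Return the route Azure would use for `destination`, or None if nothing matches."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in routes if dst in ipaddress.ip_network(r.prefix)]
    if not matches:
        return None
    # Longest prefix wins; on equal prefix length the route source decides.
    return min(matches, key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen,
                                       SOURCE_PRIORITY[r.source]))

# Constructed sample: spoke 10.6.0.0/16, hub 10.5.0.0/16, on-premises 192.168.0.0/16.
SYSTEM_ROUTES = [
    Route("10.6.0.0/16", "Default", "VnetLocal"),
    Route("10.5.0.0/16", "Default", "VNetPeering"),
    Route("0.0.0.0/0", "Default", "Internet"),
    # System route that drops RFC 1918 space not covered by a more specific route.
    Route("192.168.0.0/16", "Default", "None"),
]
# Route learned from the gateway (assumes gateway routes reach the spoke).
BGP_ONPREM = Route("192.168.0.0/16", "BGP", "VirtualNetworkGateway")
# UDR in the spoke route table sending on-premises traffic to a firewall (constructed IP).
UDR_VIA_FIREWALL = Route("192.168.0.0/16", "User", "VirtualAppliance", "10.5.0.4")

def next_hop(extra_routes, destination):
    """Next hop type for `destination` given system routes plus `extra_routes`."""
    route = select_route(SYSTEM_ROUTES + list(extra_routes), destination)
    return route.next_hop_type if route else None

if __name__ == "__main__":
    onprem_host = "192.168.1.10"  # constructed on-premises address
    for label, extra in [("system only", []),
                         ("with BGP route", [BGP_ONPREM]),
                         ("with BGP route and UDR", [BGP_ONPREM, UDR_VIA_FIREWALL])]:
        print(f"{label}: {next_hop(extra, onprem_host)}")
```

Comparing the model's output with the subnet's effective routes in the portal is a quick way to confirm which route actually carries on-premises traffic.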