How can I configure a P2S VPN that is force tunneling to access the internet

Jaden Mickley 0 Reputation points
2025-03-28T20:42:07.17+00:00

I need some help trying to configure a P2S VPN (Virtual Network Gateway) to use force tunneling (0.0.0.0/1 and 128.0.0.0/1 split). I have tried to configure a NAT Gateway and a Firewall to route traffic through the VNET to the internet. Is this possible or do I need to use an NVA? My ultimate goal is to require access to M365 apps when the VPN is connected only (CA policy from known locations).

I am not interested in using the vWAN as the price is quite large for less than 15 clients using the VPN.

Appreciate the help.

Azure VPN Gateway

1 answer

  1. chrischin 915 Reputation points Microsoft Employee
    2025-03-28T22:02:42.34+00:00

    Hi Jaden,

    This might not be possible.


    https://learn.microsoft.com/en-us/azure/vpn-gateway/azure-vpn-client-optional-configurations#routing

    If you still wanted to try it:

    https://learn.microsoft.com/en-us/azure/vpn-gateway/azure-vpn-client-optional-configurations#routing to get traffic to show up in your VNET (if it doesn't get dropped).

    You can attach a route table to the GatewaySubnet to define the next hop which could be an Azure Firewall, NVA, or NAT Gateway (https://learn.microsoft.com/en-us/azure/nat-gateway/tutorial-hub-spoke-route-nat?tabs=portal#create-hub-network-route-table).
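
An added example, not part of the answer above or of Microsoft's documentation: a Python model of the longest-prefix-match rule that lets the 0.0.0.0/1 and 128.0.0.0/1 split from the question override a client's local default route, plus a check for more-specific local routes that still bypass the tunnel. The routing table, interface names and addresses are constructed for illustration.

```python
import ipaddress

# Constructed client routing table: (prefix, interface). Not taken from the page.
ROUTES = [
    ("0.0.0.0/0", "wifi"),       # local default route learned from DHCP
    ("192.168.1.0/24", "wifi"),  # on-link home LAN
    ("0.0.0.0/1", "vpn"),        # first half of the split default
    ("128.0.0.0/1", "vpn"),      # second half of the split default
]


def parse(routes):
    """Convert (prefix, interface) strings into (IPv4Network, interface)."""
    return [(ipaddress.ip_network(prefix), iface) for prefix, iface in routes]


def lookup(routes, dest):
    """Return the interface chosen for dest by longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, iface) for net, iface in parse(routes) if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def covers_all_ipv4(routes, iface):
    """True if the prefixes bound to iface add up to the whole IPv4 space."""
    nets = [net for net, i in parse(routes) if i == iface]
    collapsed = list(ipaddress.collapse_addresses(nets))
    return collapsed == [ipaddress.ip_network("0.0.0.0/0")]


def bypass_prefixes(routes, iface):
    """Prefixes on other interfaces that are longer than /1 and so beat the split."""
    return [str(net) for net, i in parse(routes) if i != iface and net.prefixlen > 1]


if __name__ == "__main__":
    print("split covers IPv4:", covers_all_ipv4(ROUTES, "vpn"))
    for dest in ("8.8.8.8", "200.1.2.3", "192.168.1.10"):
        print(dest, "->", lookup(ROUTES, dest))
    print("still bypassing the tunnel:", bypass_prefixes(ROUTES, "vpn"))
```

Any prefix reported by `bypass_prefixes` is traffic that will not leave through the VPN's egress address, which matters when a Conditional Access policy is keyed to that address.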

