Azure VPN Gateway + modifying routing

UzarPiotr 26 Reputation points
2021-01-28T18:47:33.37+00:00

I have created an Azure Virtual Network with address space 10.50.50.0/23. In it, I have created 5 subnets: 10.50.50.0/26, 10.50.50.64/26, 10.50.50.128/26, 10.50.51.0/26 and 172.16.0.0/26. On top of this network I have created a Virtual Network Gateway (VPN) with point-to-site pool 10.99.99.0/25. I would like to limit routing to only 2 subnets, 10.50.51.0/26 and 10.50.51.64/26. To do that I've added --custom-routes for only those two networks ... but in my client I still saw a route to the whole network range (10.50.50.0/23), and the same after creating a new route table and creating new hops ... any idea how to modify that?


4 answers

  1. Andreas Baumgarten 111.8K Reputation points MVP
    2021-01-28T22:11:02.663+00:00

    All subnets in a virtual network in Azure will be routed by default.
    If you want to prevent this you can give it a try with adding custom rules with the next hop target none.

    Maybe this is helpful:
    https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview#default
    https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview#how-azure-selects-a-route

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten

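    As an added example (not code posted by anyone in this thread), the Python script below turns the "next hop None" suggestion into Azure CLI commands: it computes the minimal prefixes of the VNet address space that lie outside the two permitted subnets and emits a route table to associate with GatewaySubnet, so traffic arriving from point-to-site clients for the other subnets is dropped at the gateway (the client still receives the whole VNet range in its own routing table, which is what the question observed). Resource group, VNet, route table name and location are placeholders, and it assumes a route table may be associated with GatewaySubnet in the gateway's VNet.

```python
"""Blackhole routes (next hop None) for subnets P2S clients must not reach.

Added example for this Q&A thread, not code from the original posters.
Resource group, VNet, route table and location values are placeholders.
"""
import ipaddress
from typing import Iterable, List


def blackhole_prefixes(address_space: Iterable[str], allowed: Iterable[str]) -> List[str]:
    """Return the minimal IPv4 prefixes inside address_space not covered by allowed."""
    allowed_nets = [ipaddress.ip_network(a) for a in allowed]
    leftover = []
    for prefix in address_space:
        remaining = [ipaddress.ip_network(prefix)]
        for net in allowed_nets:
            next_remaining = []
            for r in remaining:
                if r.subnet_of(net):
                    continue  # whole remainder is permitted: nothing to blackhole
                if net.subnet_of(r):
                    # carve the permitted subnet out, keeping the surrounding pieces
                    next_remaining.extend(r.address_exclude(net))
                else:
                    next_remaining.append(r)  # disjoint from this permitted subnet
            remaining = next_remaining
        leftover.extend(remaining)
    # merge adjacent pieces so the route table stays small
    return [str(n) for n in ipaddress.collapse_addresses(leftover)]


def route_commands(rg: str, vnet: str, table: str, location: str, prefixes: List[str]) -> List[str]:
    """Build the az CLI commands that create the table and attach it to GatewaySubnet."""
    cmds = [f"az network route-table create -g {rg} -n {table} -l {location}"]
    for p in prefixes:
        name = "deny-" + p.replace(".", "-").replace("/", "-")
        cmds.append(f"az network route-table route create -g {rg} --route-table-name {table} "
                    f"-n {name} --address-prefix {p} --next-hop-type None")
    cmds.append(f"az network vnet subnet update -g {rg} --vnet-name {vnet} "
                f"-n GatewaySubnet --route-table {table}")
    return cmds


if __name__ == "__main__":
    # values from the question; 172.16.0.0/26 is a second address prefix of the VNet
    space = ["10.50.50.0/23", "172.16.0.0/26"]
    allowed = ["10.50.51.0/26", "10.50.51.64/26"]
    for cmd in route_commands("rg-placeholder", "vnet-placeholder", "rt-p2s-blackhole",
                              "westeurope", blackhole_prefixes(space, allowed)):
        print(cmd)
```

    Review the generated commands before running them; a route table on GatewaySubnet affects every flow entering through the gateway, not only point-to-site clients.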

  2. UzarPiotr 26 Reputation points
    2021-01-29T18:41:59.773+00:00

    Hello Andreas, thanks for the response.

    But how to do that when I do not see my address pool from the point-to-site configuration in the subnet selection in the routing table?
    I'm also not allowed to register that subnet in the private network:

    "Failed to save address space changes to virtual network 'xxxxx'. Error: The virtual network gateway's VPN client address pool overlaps with the virtual network's address space. The overlapping address space prefixes are ...


  3. Andreas Baumgarten 111.8K Reputation points MVP
    2021-01-29T20:54:55.537+00:00

    If custom routes are not working for you maybe using NSGs associated with the subnets will help to solve your requirements.
    With inbound and outbound rules you are able to allow and deny network communication.


    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten


  4. UzarPiotr 26 Reputation points
    2021-01-31T08:08:06.393+00:00

    One of the services I have in the network is a private endpoint, and NSGs don't apply to it.
