Azure routing | from p2s client VPN to s2s network on-prem

Fisnik Magashi 1 Reputation point
2021-03-24T09:10:59.63+00:00

Hi,

We are trying to connect a machine behind a p2s connection to a network which lies behind an s2s connection through Azure.

on-prem < site-to-site > Azure vNet < point-to-site > client machine

I have read that we should use BGP between on-prem and the Azure vNet in order to advertise the routes, but in our case we cannot do that because we have a Meraki MX, which does not support BGP with non-Meraki peers.

What we have done until now is create custom rules in a routing table on Azure and attach it to the vNet to which both sites are connected. On the client machine behind the p2s there is a route to the vNet via the p2s connection (route print shows that), and we also have a route to the on-prem network via this connection. But the problem is that we still cannot connect to the on-prem network from the p2s client machine.

My question is this: is it even possible to connect via custom routes, or is this only possible via BGP?

BR Nikart


2 answers

  1. SaiKishor-MSFT 17,181 Reputation points
    2021-03-31T18:50:31.583+00:00

    @Fisnik Magashi Thank you for reaching out to us on Microsoft Q&A. We apologize for the delay in response.

    I understand that you are trying to connect from a P2S client to on-prem via S2S VPN. However, this requires the S2S VPN to be using BGP, as given here in this document. At the moment there is no workaround for this, and therefore it will not work without BGP.

    I hope this answered your questions. Please let us know if you have any further questions and we will be glad to assist you further. Thank you!



  2. Henrik Aldermo 21 Reputation points
    2023-02-09T13:16:45.3433333+00:00

    Connecting P2S <-> S2S <-> On-prem is indeed possible without BGP. You simply need to include the P2S client subnet in the "private subnets" configuration when setting up the VPN in Meraki.

    Use the following Guide: https://documentation.meraki.com/MX/Site-to-site_VPN/Configuring_Site_to_Site_VPN_tunnels_to_Azure_VPN_Gateway

    Sample values:

    Public IP (Virtual network gateway Public IP): 53.158.17.57
    Preshared secret: SomeThingVerySecret
    Private subnets (Virtual Network Address Space, P2S Address Pool): 172.16.0.0/16, 172.31.255.0/24

    Note: Including the Point-to-Site Address Pool is the key!

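The answer above hinges on one configuration detail: the on-prem MX only routes traffic back into the tunnel for prefixes listed as the Azure peer's "private subnets", so a P2S client whose address pool is missing from that list gets no return path. The following check, an added example that is not part of the answer or of any Meraki or Azure tooling, takes the sample values from the answer (constructed, not real infrastructure) and reports which required prefixes the configured private subnets fail to cover, including the case where a single larger supernet covers both.

```python
import ipaddress
from typing import Iterable, List

# Constructed sample values mirroring the answer above (not real infrastructure).
VNET_ADDRESS_SPACE = ["172.16.0.0/16"]       # Azure virtual network address space
P2S_ADDRESS_POOL = ["172.31.255.0/24"]       # Point-to-site client address pool


def uncovered_prefixes(required: Iterable[str], advertised: Iterable[str]) -> List[str]:
    """Return every required prefix that no advertised prefix covers.

    A required prefix counts as covered when it equals, or is a subnet of,
    at least one advertised prefix of the same IP version. Anything returned
    is a range the on-prem side has no route back to through the tunnel.
    """
    # strict=False tolerates host bits in a typed address (172.16.0.5/16 -> 172.16.0.0/16).
    adv = [ipaddress.ip_network(a, strict=False) for a in advertised]
    missing = []
    for r in required:
        net = ipaddress.ip_network(r, strict=False)
        covered = any(net.version == a.version and net.subnet_of(a) for a in adv)
        if not covered:
            missing.append(str(net))
    return missing


def check_meraki_private_subnets(private_subnets: Iterable[str],
                                 vnet_space: Iterable[str] = VNET_ADDRESS_SPACE,
                                 p2s_pool: Iterable[str] = P2S_ADDRESS_POOL) -> List[str]:
    """Given the MX 'private subnets' entered for the Azure peer, list the
    Azure-side prefixes (vNet space plus P2S pool) that are still unreachable."""
    return uncovered_prefixes(list(vnet_space) + list(p2s_pool), private_subnets)


if __name__ == "__main__":
    # vNet only: P2S clients have no return path.
    print(check_meraki_private_subnets(["172.16.0.0/16"]))
    # vNet plus P2S pool, as the answer recommends: nothing missing.
    print(check_meraki_private_subnets(["172.16.0.0/16", "172.31.255.0/24"]))
```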