Accessing on-prem resources from P2S client over S2S VPN on the same Virtual Network Gateway

FlatulentMonk 21 Reputation points
2021-07-26T18:26:55.943+00:00

So I think this question has been asked before, but I want to make sure I understand the answer. I have an Azure VNET with a Virtual Network Gateway. This VNG is configured with an S2S VPN to on-prem and a P2S VPN for external Win10 clients. The Win10 VPN clients can connect over P2S to Azure and connect with Azure resources but cannot connect with the on-prem resources using the S2S. From what I'm reading, the S2S VPN and the on-prem firewall need to be configured to use BGP, but I'm not sure why using static routes will not work. Am I correct in this, and why is this the case? My research led me to the following, but this shows multiple S2S VPNs and I'm not sure if this matches my situation: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing#multivnets2sbranchbgp

Additionally, we are waiting for ExpressRoute to be configured. When this is fully provisioned, will this work between the P2S clients and on-prem resources, or will special configurations need to be made?

Azure VPN Gateway

1 answer

  1. TravisCragg-MSFT 5,681 Reputation points Microsoft Employee
    2021-07-29T22:22:08.763+00:00

    For your scenario, this should work if you are using BGP, but you will need to manually add the routes on the Windows machine that is connected via the P2S VPN.

    For your ExpressRoute question, this will NOT work if your ER is connected via a Virtual Network ER Gateway. If this is a scenario you need to have, consider using an Azure Virtual WAN with your ExpressRoute Connection. This will let your P2S connections access your Virtual Network and on-prem resources.

    Please let me know if you have any other questions.

    1 person found this answer helpful.
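
The manual route step from the answer above, as an added example that is not part of the original thread: it attaches on-prem prefixes to a native Windows VPN connection profile so they are installed each time the P2S tunnel connects. The connection name and prefixes are assumed placeholders, and it assumes the P2S client uses the built-in Windows VPN client, where the interface alias matches the connection name.

```powershell
# Added example: persist on-prem routes on a native Windows P2S VPN connection.
# Assumed values (not from the thread): replace with your own.
$ConnectionName = 'MyAzureVNet'                          # hypothetical connection name
$OnPremPrefixes = @('10.50.0.0/16', '192.168.10.0/24')   # hypothetical on-prem ranges

# Fail early if the VPN profile does not exist for this user.
$vpn = Get-VpnConnection -Name $ConnectionName -ErrorAction Stop

# Prefixes already attached to the connection profile.
$existing = @($vpn.Routes | ForEach-Object { $_.DestinationPrefix })

foreach ($prefix in $OnPremPrefixes) {
    if ($existing -contains $prefix) {
        Write-Host "Route $prefix already present on '$ConnectionName'"
        continue
    }
    # Adds the prefix to the profile; Windows installs it when the tunnel comes up.
    # Keep the list limited to the on-prem ranges the client actually needs.
    Add-VpnConnectionRoute -ConnectionName $ConnectionName `
                           -DestinationPrefix $prefix -PassThru
}

# If the tunnel is currently up, show which of the prefixes are active on it.
if ($vpn.ConnectionStatus -eq 'Connected') {
    Get-NetRoute -InterfaceAlias $ConnectionName -ErrorAction SilentlyContinue |
        Where-Object { $OnPremPrefixes -contains $_.DestinationPrefix } |
        Format-Table DestinationPrefix, NextHop, RouteMetric
}
```

Routes added to the profile take effect on the next connect, so disconnect and reconnect the VPN before testing reachability to on-prem hosts.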