Routing Azure ExpressRoute Gateway traffic in VNet

Steiner 21 Reputation points
2021-09-29T18:53:02.98+00:00

Hi,

I have an issue with routing traffic from ExpressRoute gateway to and through NVA.

On-premise network: 10.15.0.0/24

I have a VNet 172.16.1.0/24

3 subnets 172.16.1.0/27, 172.16.1.32/27, 172.16.1.64/27 and the GatewaySubnet 172.16.1.240/28 (contains a gateway connected to the ExpressRoute circuit).

NVA IP: 172.16.1.6

However, when a route table is associated with the GatewaySubnet with the following route:
Prefix: 172.16.1.32/27
Next Hop Type: Virtual Appliance and IP 172.16.1.6

Traffic never arrives on the NVA interface from 10.15.0.0/24.

However, when the subnet is not associated with any route table, traffic arrives on hosts in the subnet (172.16.1.32/27).

What I would like to achieve is to have traffic from 10.15.0.0/24 (On Premise Network) to 172.16.1.32/27 to go through the NVA (172.16.1.6), is this possible? If yes, what have I setup incorrectly?

Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,380 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,141 questions
Azure ExpressRoute
Azure ExpressRoute
An Azure service that provides private connections between Azure datacenters and infrastructure, either on premises or in a colocation environment.
323 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
6,876 questions
Accepted answer
  1. ChaitanyaNaykodi-MSFT 22,776 Reputation points Microsoft Employee
    2021-10-01T17:42:19.08+00:00

    Hello @Steiner , Thank you for confirming the issue was resolved. I am just summarizing troubleshooting steps we followed in order to resolve this issue so that it can help anyone in the community facing similar issue.

    1. We validated the type of Gateway used. As per the documentation You can use user-defined routes for forcing traffic from the Express Route to a Network Virtual Appliance. The opposite is not possible though You must use BGP to advertise on-premises routes to the Microsoft Edge router. You cannot create user-defined routes to force traffic to the ExpressRoute virtual network gateway if you deploy a virtual network gateway deployed as type: ExpressRoute.
    2. As mentioned here in the document, we validated whether route propagation is enabled on the GatewaySubnet.
    3. Lastly you looked at the NSG rules to determine if any rules were blocking any traffic which was true. After modifying the NSG rules the UDR worked as expected. We can leverage NSG flow logs to log information about the IP traffic flowing through an NSG.

    Please feel free to add any additional troubleshooting steps you followed to resolve this issue.

    Also it will helpful if you could mark this as answered so that it can help other community folks facing similar issue.

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest