Connect to on-premise servers via Azure VPN gateway via existing S2S connection

Garrett Wengreniuk 1 Reputation point
2021-10-26T18:07:56.197+00:00

Hi All,

We presently have an Azure VPN that connects to our Azure-based infrastructure (10.3.x.x), and a site-to-site VPN that connects back to our physical office (10.1.x.x). We're looking to replace our Remote Desktop Gateway at the physical office, and instead use the single VPN connection to access both IP ranges. Not sure if this is possible with Azure, so figured I'd ask the gurus here.

We already have connectivity from the Azure environment to the physical office via a Site to Site VPN, and that part works, so I think what I'm needing here is a way for the client machine to understand that the 10.1.x.x traffic should also be routed via the VPN and then use the existing tunnel. In case I explained that poorly, I can connect to the Azure VPN and onto a server in Azure (10.3.x.x), and then from there remote desktop to a machine at the physical office (10.1.x.x), but ideally I want to connect directly through the VPN without logging onto the Azure-based server.

Maybe not possible in Azure, but it would mean we only need a single VPN for our users so it's the ideal approach.

Anybody have experience with this, and if so, can you point me to any configuration docs / assistance?

Any insight / ideas / suggestions are appreciated.

Thanks

Garrett

Azure VPN Gateway

1 answer

  1. GitaraniSharma-MSFT 47,086 Reputation points Microsoft Employee
    2021-10-29T10:44:16.06+00:00

    Hello @Garrett Wengreniuk ,

    In order for you to be able to access your on-prem network (which is connected to Azure VPN by site to site connection) from your Point to site VPN client/laptop, your Site-to-Site VPN connection should be running BGP.

    If your site to site connection between Azure and On-prem uses BGP, then you can just manually add the routes for your on-prem network to the Windows P2S client and will be able to access the on-prem network from your point to site connection/client. For non-windows clients, you do not need to add the manual routes as BGP is enough for the routes to be propagated.

    To manually add the On-prem network route, you can browse to `%AppData%\Microsoft\Network\Connections\Cm<yourGuid>\routes.txt` (`C:\Users\userID\AppData\Roaming\Microsoft\Network\Connections\Cm<VPNGuid>\routes.txt`) in your client machine and add the route in this text file.

    Please refer to: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing#vnetbranchbgp

    Kindly let us know if the above helps or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

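The manual-route step from the answer above, as an added PowerShell example (not code from the answer or from Microsoft): it locates the Windows P2S client's routes.txt, appends the on-prem route once, and checks that the route is installed after reconnecting. It assumes the on-prem range is 10.1.0.0/16 (the question only says 10.1.x.x) and that routes.txt uses the Connection Manager line syntax `ADD <net> MASK <mask> default METRIC default IF default`; confirm both against the linked doc before relying on them.

```powershell
# Added example, not from the answer. Assumptions: on-prem range 10.1.0.0/16,
# and Connection Manager route syntax "ADD <net> MASK <mask> default METRIC default IF default".

function Get-P2SRoutesFile {
    # The Azure P2S client profile is stored under Cm\<GUID>; return its routes.txt.
    $base = Join-Path $env:APPDATA 'Microsoft\Network\Connections\Cm'
    if (-not (Test-Path $base)) { throw "P2S client profile folder not found: $base" }
    Get-ChildItem -Path $base -Filter 'routes.txt' -Recurse |
        Select-Object -First 1 -ExpandProperty FullName
}

function Add-P2SClientRoute {
    param(
        [Parameter(Mandatory)] [string] $Network,   # e.g. 10.1.0.0
        [Parameter(Mandatory)] [string] $Mask       # e.g. 255.255.0.0
    )
    $file = Get-P2SRoutesFile
    if (-not $file) { throw 'No routes.txt found; install the P2S client profile first.' }

    $line = "ADD $Network MASK $Mask default METRIC default IF default"
    $existing = Get-Content -Path $file
    # Idempotent: a second run must not add a duplicate route line.
    if ($existing -contains $line) {
        Write-Host "Route already present in ${file}: $line"
        return
    }
    Copy-Item -Path $file -Destination "$file.bak" -Force   # keep a backup before editing
    Add-Content -Path $file -Value $line
    Write-Host "Appended to ${file}: $line  (reconnect the VPN to apply)"
}

function Test-P2SClientRoute {
    param([Parameter(Mandatory)] [string] $Prefix)   # e.g. 10.1.0.0/16
    # Only meaningful while the P2S VPN is connected: the client installs
    # the routes from routes.txt at connect time.
    $route = Get-NetRoute -DestinationPrefix $Prefix -ErrorAction SilentlyContinue
    if ($route) {
        $route | Select-Object DestinationPrefix, NextHop, InterfaceAlias
    } else {
        Write-Warning "No route for $Prefix; is the VPN connected and routes.txt updated?"
    }
}

# Usage:
#   Add-P2SClientRoute -Network 10.1.0.0 -Mask 255.255.0.0
#   (disconnect and reconnect the Azure VPN)
#   Test-P2SClientRoute -Prefix 10.1.0.0/16
```

The route only reaches the office if the S2S tunnel is running BGP, as the answer states; the client-side entry just tells Windows to send 10.1.x.x traffic into the P2S tunnel.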