Share via

Access On Premise resources when connected to Azure VPN Gateway

Jonathan S 6 Reputation points
2020-08-25T13:50:59.427+00:00

I have a Site to Site VPN setup to an Azure Vnet with an Azure VM in it. I have users connecting via Point to Site VPN and they are able to access the Azure VM without issue but are not able to access the on premise server thats connected via the Site to Site VPN. I assume I need to add a route somewhere, but havent been successful so far. Can anyone offer any advice? Thank you

Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,795 questions
0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jonathan S 6 Reputation points
    2020-09-02T12:08:25.16+00:00

    I found a solution to this issue, and I hope it helps someone else.

    So in order to access on premises resources while connected to Azure VPN, you need to add a route on your client computer, the one thats connecting to the Azure VPN. The best way, I've found, to do this, is by modifying the routes.txt file found here:

    C:\Users\USERNAME\AppData\Roaming\Microsoft\Network\Connections\Cm#####-#######\routes.txt

    Add this line, modifying as needed to specify your LAN subnet.

    ADD 192.168.X.X MASK 255.255.25X.0 default METRIC default IF default

    Save, close, reconnect to the Azure VPN.

    You also need to make sure you have a route on your on prem VPN device in the Site to Site configuration that allows traffic for your Azure Client VPN subnet.

    1 person found this answer helpful.
  2. SaiKishor-MSFT 17,336 Reputation points
    2020-08-31T18:31:23.653+00:00

    @Jonathan S
    I apologize for the delay in responding to your issue. Yes, in order to be able to access the on-premise resources via the site to site vpn from the client vpn, you need 2 routes, one at the on-premise for the CVPN network and the other one would in the CVPN client machine for the on-premise location. Hope this is helpful.

    Please let us know if you need any further assistance and we will be glad to assist. Thank you!

    0 comments
  3. SaiKishor-MSFT 17,336 Reputation points
    2020-09-01T18:42:11.483+00:00

    @Jonathan S
    Let me also add another important point here that is, you cannot access the S2S VPN resources from the CVPN clients if the S2S VPN is not configured with BGP. Please refer to this document for further details on this- https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing#vnetbranch. Thank you!

    0 comments
  4. SaiKishor-MSFT 17,336 Reputation points
    2020-09-02T23:42:59.273+00:00

    @Jonathan S

    Thank you for providing details about what worked for you. This is very helpful. Please let us know if you need any further assistance and we will be glad to assist further. Thank you!

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.