Customer peered Vnet with it's own gateway to it's own on-prem needs to transit our Vnet to our on-prem.

RCN Admin 21 Reputation points
2022-06-02T18:27:44.353+00:00

Looking for the best solution for this. We are peered with a customer's Vnet. Customer has their own gateway to their own on-prem so them using our gateway isn't an option. How can their Vnet transit our Vnet to our on-prem? Would a PF Sense firewall or free VNS3 appliance be able to route the traffic accordingly? If so does it need to be in our gateway subnet? Is there any other solutions? We do not need access to their on-prem, their peered Vnet is the only thing that needs access to our on-prem.
207939-azure.png

Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,389 questions
Azure Firewall
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
570 questions
Azure ExpressRoute
Azure ExpressRoute
An Azure service that provides private connections between Azure datacenters and infrastructure, either on premises or in a colocation environment.
323 questions
0 comments
Accepted answer
  1. Takahito Iwasa 4,841 Reputation points MVP
    2022-06-02T21:41:06.983+00:00

    Hi, @RCN Admin

    I understand that you want to access your on-premises from "Customer Vnet" via "My Vnet".

    Since VNET Peering Connections are non-transitive, "Customer Vnet" cannot access on-premises via "My VNet".

    In order for "Customer Vnet" to access your on-premises, you need to connect between VNETs in a different way.
    For example, VPN Gateway works transitively, so connect "My Vnet" and "Customer Vnet" with VPN Gateway.

    Please refer to the following documents for the transitivity of network components.
    https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/vnet-peering

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest