How to access resources from a different vnet via Virtual Network Gateway

Joman Sierra 21 Reputation points
2022-07-01T17:13:33.497+00:00

Hello,

I just set up a Virtual Network Gateway on "Resource Group A" in order to access VMs that are on that same "Resource Group A" via VPN (P2S). Everything is working perfectly fine!

Now I want to access, via that same VPN connection, VMs that are on another resource group, "Resource Group B" (different virtual network).

I created a peering between both VNets, but I can't access the VM on "Resource Group B" from the VPN that is running on "Resource Group A".

In other words, I can only access VMs on the same RG/VNet where the Virtual Network Gateway is located.

Any advice how to solve this?

Azure VPN Gateway
Azure Virtual Network

Accepted answer
  1. GitaraniSharma-MSFT 47,591 Reputation points Microsoft Employee
    2022-07-05T14:06:19.003+00:00

    Hello @Joman Sierra ,

    That is the issue.

    You can configure the gateway in the peered virtual network as a transit point to an on-premises network. In this case, the virtual network that is using a remote gateway can't have its own gateway. A virtual network has only one gateway. The gateway is either a local or remote gateway in the peered virtual network.

    Refer: https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview#gateways-and-on-premises-connectivity

    If both the VNets have their own VPN gateways, you cannot enable the "gateway transit" option.

    The only workaround in this case would be to delete the P2S VPN gateway from "Resource Group A" and then configure P2S VPN on the already existing S2S VPN gateway of "Resource Group B". Then peer both the VNets with the option "Use the remote virtual network's gateway" (on the peering of Resource Group B vNet) and "Use this virtual network's gateway" (on the peering of Resource Group A vNet). After this, you can access the resources from both Resource Group A and B from the P2S client connected to Resource Group A.

    Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vpn-faq#can-i-have-site-to-site-and-point-to-site-configurations-coexist-for-the-same-virtual-network

    Regards,
    Gita

    1 person found this answer helpful.

1 additional answer

  1. Andreas Baumgarten 96,926 Reputation points MVP
    2022-07-01T22:39:56.577+00:00

    Hi @Joman Sierra ,

    Did you configure the peering between the vNets with the option "Use the remote virtual network's gateway" (on the peering of the vNet without VPN Gateway) and "Use this virtual network's gateway" (on the peering of the vNet with VPN Gateway)?

    You will find more details here: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-peering-gateway-transit

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten
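
The peering conditions discussed in both answers can be checked mechanically. The sketch below is an added example, not part of either answer or of Microsoft's documentation: it validates constructed peering data using Azure's peering property names (`allowGatewayTransit`, `useRemoteGateways`, `allowVirtualNetworkAccess`, `peeringState`). The record layout, the VNet names and the helpers `check_gateway_transit` and `make_vnet` are hypothetical.

```python
# Added example: checks constructed peering data, it does not query Azure.

def check_gateway_transit(hub, spoke):
    """Return the reasons VPN clients on `hub` cannot reach `spoke` ([] if none).

    hub / spoke: {"name", "has_gateway", "peering"}; "peering" is that VNet's
    side of the peering, keyed by Azure's peering property names.
    """
    problems = []
    if not hub["has_gateway"]:
        problems.append(f"{hub['name']}: has no VPN gateway to share")
    if spoke["has_gateway"]:
        problems.append(f"{spoke['name']}: has its own gateway, cannot use a remote one")
    # Portal option "Use this virtual network's gateway" on the gateway VNet
    if not hub["peering"].get("allowGatewayTransit", False):
        problems.append(f"{hub['name']}: allowGatewayTransit is off")
    # Portal option "Use the remote virtual network's gateway" on the other VNet
    if not spoke["peering"].get("useRemoteGateways", False):
        problems.append(f"{spoke['name']}: useRemoteGateways is off")
    for v in (hub, spoke):
        side = v["peering"]
        if side.get("peeringState") != "Connected":
            problems.append(f"{v['name']}: peering state is {side.get('peeringState')}")
        if not side.get("allowVirtualNetworkAccess", True):
            problems.append(f"{v['name']}: virtual network access is blocked")
    return problems


def make_vnet(name, has_gateway, transit=False, remote=False, state="Connected"):
    """Build one VNet record with its side of the peering (hypothetical layout)."""
    return {"name": name, "has_gateway": has_gateway,
            "peering": {"allowGatewayTransit": transit, "useRemoteGateways": remote,
                        "allowVirtualNetworkAccess": True, "peeringState": state}}


# Constructed scenario 1: both VNets own a gateway and the peering was created
# with default options, so gateway transit cannot be used.
BEFORE = (make_vnet("vnet-with-p2s-gateway", True), make_vnet("vnet-with-own-gateway", True))
# Constructed scenario 2: one gateway, transit enabled on both sides of the peering.
AFTER = (make_vnet("vnet-with-gateway", True, transit=True),
         make_vnet("vnet-without-gateway", False, remote=True))

if __name__ == "__main__":
    for label, (hub, spoke) in (("before", BEFORE), ("after", AFTER)):
        issues = check_gateway_transit(hub, spoke)
        print(label, "OK" if not issues else issues)
```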