Hi everyone, I'm pretty new to Azure so I might be missing something here. I've got a Cisco flexVPN tunnel setup between the CSR and our on-prem network. I can ping all the devices on-prem through the CSR. I also have a Azure point to site configured and working in the same VNet. Both 172.16.5.0/24 and 172.16.6.0/24 networks are in the "Additional routes to advertise" in the configuration. The problem is I can't ping any of the on-prem devices from the P2S vpn. Is there something that I'm missing here? Thanks!

Hi @Nadeesh Sam , please verify you have User Defined Routes (UDRs) in your VPN Gateway subnets for the on-premises networks 172.16.5.0/24 and 172.16.6.0/24 . Also please check if you have routes in your on-premises network for the P2S IP range. "Additional routes to advertise" will provide the P2S VPN clients with the additional routes only. The Cisco Flex VPN is connected to the Azure VPN Gateway in your diagram via S2S connection? Or is it connected to a "different VPN device in Azure"? The VPN Gateway with the P2S connection needs the UDRs to the on-premises networks as well. ---------- (If the reply was helpful please don't forget to upvote and/or accept as answer , thank you) Regards Andreas Baumgarten

Help setting up static routing in VNet to CSR1000V

Accepted answer

Andreas Baumgarten 96,926 Reputation points MVP

2022-07-14T06:21:49.823+00:00

Hi @Nadeesh Sam ,

please verify you have User Defined Routes (UDRs) in your VPN Gateway subnets for the on-premises networks 172.16.5.0/24 and 172.16.6.0/24 .
Also please check if you have routes in your on-premises network for the P2S IP range.

"Additional routes to advertise" will provide the P2S VPN clients with the additional routes only.

The Cisco Flex VPN is connected to the Azure VPN Gateway in your diagram via S2S connection? Or is it connected to a "different VPN device in Azure"?
The VPN Gateway with the P2S connection needs the UDRs to the on-premises networks as well.

----------

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten
Please sign in to rate this answer.
Nadeesh Sam 21 Reputation points

2022-07-14T07:36:01.733+00:00

Hi @Andreas Baumgarten ,

Thanks for taking the time to answer my question.

The Cisco FlexVPN is between the on-prem router and the Cisco cloud router (CSR1000V is a normal azure VM with a Cisco OS) We are not using ang S2S gateways here.

I just made a Route Table in Azure and added the following UDRs,

Destination: 172.16.6.0/24 Type: Virtual appliance Next hop: 10.1.0.4[CSR VM private IP]
Destination: 172.16.5.0/24 Type: Virtual appliance Next hop: 10.1.0.4[CSR VM private IP]

And this table is applied to the gateway subnet (10.1.1.0) in the vNet.

I still cant get the remote PC to ping the on-prem networks.

Your help is greatly appreciated!

Andreas Baumgarten 96,926 Reputation points MVP

2022-07-14T08:16:10.687+00:00

Hi @Nadeesh Sam ,

did you check the routes "back from on-premises to the VPN Gateway in Azure"?
Your on-premises network needs the routing information to the VPN Gateway P2S network as well.
Otherwise the on-premises devices didn't know "where to route the packages to the P2S VPN Client."

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten

Andreas Baumgarten 96,926 Reputation points MVP

2022-07-17T12:14:12.887+00:00

Hi @Nadeesh Sam ,

did the answer work for you? Are there any additional questions to this topic?

If you found the answer helpful, it would be great if you please mark it "Accept as answer". This will help others to find answers in Q&A

Regards
Andreas Baumgarten

Nadeesh Sam 21 Reputation points

2022-07-18T00:16:10.307+00:00

Hi @Andreas Baumgarten ,

Associating the routing table to both CSR and the P2S subnets did the trick. Thanks for your help!

Cheers!
Sign in to comment

Help setting up static routing in VNet to CSR1000V

0 additional answers