vnet to vnet gatway setting

owen.kim 176

224138-%E1%84%8C%E1%85%A6%E1%84%86%E1%85%A9%E1%86%A8-%E1%84%8B%E1%85%A5%E1%86%B9%E1%84%8B%E1%85%B3%E1%86%B7.png

I want to connect "A vnet VM" with vpn 2 via RDP.

As in the manual, vnet to vnet connection configuration was completed, and RDP connection from "A vnet VM" to "B vnet VM" was successful. However, vnet cross-connection from local PC to p2s was not possible.

All address ranges from vnet to vnet in azure VPN client were shown in vpn route.
What's the problem??? I've been looking at this problem for about a week and it's still stuck.

(Since gateway1 must also have a vnet to vnet connection with gateway3, which will be created later, vnet peering cannot be used.)

(The purpose of using multiple gateways is to separate the gateways for developers and QA.)

GitaraniSharma-MSFT 47,591 Reputation points Microsoft Employee

2022-07-25T11:29:35.123+00:00

Hello @owen.kim ,

As mentioned by @msrini-MSFT , you need to create a S2S (IPSec) VPN connection between the 2 Vnets.
<a vnet> ---S2S VPN--- <b vnet>
Refer : https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal#site-to-site-ipsec

When you create a VNet-to-VNet connection, the local network gateway address space is automatically created and populated. The local network gateway is not visible in this configuration and you cannot add any additional address ranges.

Hence, you need to use a Site to Site VPN between the 2 Vnets. If you configure Site to Site VPN connection between the 2 Vnets, you have to create Local Network Gateway on both the sides. In your VNET 1 Local Network Gateway add your On-Premises address space as well. So that the VNET A resources will have the route to reach On-Premises/ VPN Clients.

Please update your setup as below:
Remove the Vnet to Vnet connection.
Create and configure the local network gateways manually on both Vnet sides and add the on-premises network address ranges in the local network gateways per your requirement.
Create Site to Site (IPSec) connection between the 2 Vnets.

Kindly let us know if it helps or you need further assistance on this issue.

----------------------------------------------------------------------------------------------------------------

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Jackson Martins 9,646 Reputation points MVP

2022-07-25T13:41:31.78+00:00

@GitaraniSharma-MSFT and @msrini-MSFT
Just for update,
In the environment there was a route table configuration that was conflicting with the vpn, oriented to remove this configuration and the access was successful.

Accepted answer

Jackson Martins 9,646 Reputation points MVP

2022-07-24T19:54:39.093+00:00

Hi @owen.kim
Will start with couple of questions to get more clarity on your setup.

On Vnet 172.30.0.0/16 did you add a return route to see the network 172.0.5.0/24 ? on custom route

If not, add this route, because probably the vpn packet is going to the VM correctly but there is no return

Or
If run route print on machine with openvpn, did you see route to 172.30.0.0/16?

If not, add this route on routes.txt in %appdata%\Microsoft\Network\Connections\Cm

or add configuration on azure p2s config and reinstall client:

Get in touch if you need more help with this issue.

--please don't forget to "Accept the answer" if the reply is helpful--
Please sign in to rate this answer.

1 person found this answer helpful.
Jackson Martins 9,646 Reputation points MVP

2022-07-25T10:17:56.057+00:00

@owen.kim
my scenario working:

JACKSON-VNET 1 = 10.4.0.0/16 -> Windows VM = 10.4.0.4/24

JACKSON-VNET 2 = 10.5.0.0/16 -> P2S subnet = 192.168.66.0/24

Sorry for delay, below are the settings you must make to work:

GATEWAY 1 ## (VNET 1)

Jackson Martins 9,646 Reputation points MVP

2022-07-25T10:18:55.113+00:00

My resource group

Jackson Martins 9,646 Reputation points MVP

2022-07-25T10:20:22.903+00:00

GATEWAY 2 ## (VNET 2)

Jackson Martins 9,646 Reputation points MVP

2022-07-25T10:23:34.697+00:00

VM Windows on Azure:

CLIENT P2S

PING TEST TO WINDOWS VM FROM P2S CLIENT

Jackson Martins 9,646 Reputation points MVP

2022-07-25T10:24:30.567+00:00

P2S GATEWAY 2 CONFIGURATION

Jackson Martins 9,646 Reputation points MVP

2022-07-25T11:51:03.657+00:00

@owen.kim
You will need to recreate your connections and use the connection type site-to-site (IPSEC) configuration and create the local network gateway as I showed above:

in IP Address configuration, you will need to put the public ip of your gateway
in the address space you will put the vnet (and subnet for p2s) that you want the peer to access

,similar to the example below

Get in touch if you need more help with this issue.

--please don't forget to "Accept the answer" if the reply is helpful--

owen.kim 176 Reputation points

2022-07-25T11:53:37.867+00:00

thank you
I'm still checking and comparing the situation on google presentation, checking each one, but it's still the same...

https://docs.google.com/presentation/d/1oDQ7jiM3E3GRWPvmL_gylY1U3YWFa-2ZDOJnlkMpxyw/edit#slide=id.g13e3a0881df_0_81

owen.kim 176 Reputation points

2022-07-25T12:01:15.13+00:00

I took a screenshot of all the parts I need to set up and uploaded it. Please check it at a convenient time.
Sign in to comment

3 additional answers

owen.kim 176 Reputation points

2022-07-25T03:36:43.57+00:00

Thank you for answer.
First, I took pictures to share the status and put them in the address below (google presentation).

I set it up according to the manual, but still no success.
Is there any way to check more?

https://docs.google.com/presentation/d/1oDQ7jiM3E3GRWPvmL_gylY1U3YWFa-2ZDOJnlkMpxyw/edit#slide=id.p
Please sign in to rate this answer.
Jackson Martins 9,646 Reputation points MVP

2022-07-25T06:03:45.187+00:00

Hi @owen.kim
Looks like right on the VPN client,
What about virtual network gateway 1? There is a return route see the network 172.0.5.0/24 ? on custom route

owen.kim 176 Reputation points

2022-07-25T06:08:48.567+00:00

yes, looks good
i'm update google presentation about image after connection vpn1

https://docs.google.com/presentation/d/1oDQ7jiM3E3GRWPvmL_gylY1U3YWFa-2ZDOJnlkMpxyw/edit#slide=id.p

Jackson Martins 9,646 Reputation points MVP

2022-07-25T06:17:39.447+00:00

in connections on gateway 1 you need to specify the address space from you p2s, (172.0..5.0/24). can you upload a screenshot from "Connections" tab?

owen.kim 176 Reputation points

2022-07-25T06:19:16.237+00:00

yes upload now

Jackson Martins 9,646 Reputation points MVP

2022-07-25T06:20:44.22+00:00

In local network gateway, a specific object that represents (172.0.5.0/24)

owen.kim 176 Reputation points

2022-07-25T06:22:22.203+00:00

Do I need to set up a local network gateway??? This is not set.

Jackson Martins 9,646 Reputation points MVP

2022-07-25T06:27:38.317+00:00

hi @owen.kim

your connection needs to have the network defined like the image below

Jackson Martins 9,646 Reputation points MVP

2022-07-25T06:32:11.287+00:00

In you Gateway 1, on connection, must have address space 172.0.5.0/24:

Jackson Martins 9,646 Reputation points MVP

2022-07-25T06:36:05.113+00:00

in short, in your site-to-site vpn you need to declare the network of your p2s vpn. You VM 172.30.0.4 needs to know the way to find 172.0.5.0/24,

I'll try to represent this in routes, jump like:

In your VM when try to communicate with p2s client (172.0.0.5/24) needs to send to your gateway 1

Your gateway 1 send to gateway 2

Your gateway 2 send to p2s

**your gateway 1 needs to have 172.0.5.0/24 network defined in site-to-site settings

Jackson Martins 9,646 Reputation points MVP

2022-07-25T06:52:42.117+00:00

Yes! You will need

owen.kim 176 Reputation points

2022-07-25T06:54:06.647+00:00

thank you
May I know where to get the local network gateway ip address???

Jackson Martins 9,646 Reputation points MVP

2022-07-25T06:57:26.427+00:00

On gateway 1, where you put address space for 172.31.0.0/16?

Jackson Martins 9,646 Reputation points MVP

2022-07-25T07:03:47.717+00:00

@owen.kim
Your connection needs to show like this:

Jackson Martins 9,646 Reputation points MVP

2022-07-25T07:09:55.117+00:00

what the address space you put here?

Jackson Martins 9,646 Reputation points MVP

2022-07-25T07:19:44.947+00:00

@owen.kim
I'm setting up the environment similar to yours and I'll send you the settings ok? should finish in approximately 1 hour

owen.kim 176 Reputation points

2022-07-25T07:20:53.33+00:00

thank you sir

owen.kim 176 Reputation points

2022-07-25T07:21:23.04+00:00

Iwill continue to update the docs on the situation.

Jackson Martins 9,646 Reputation points MVP

2022-07-25T10:27:20.043+00:00

Hi @owen.kim

You will need to recreate your connections and use the connection type site-to-site configuration and create the local network gateway as I showed above:

Get in touch if you need more help with this issue.

--please don't forget to "[Accept the answer]" if the reply is helpful--
Sign in to comment
owen.kim 176 Reputation points

2022-07-25T03:39:22.513+00:00

It works fine if I peer a vnet and b vnet, but I don't know why I can't make a gateway connection...
(There are reasons why you should use a gateway.) :(
Please sign in to rate this answer.

0 comments No comments
Sign in to comment
msrini-MSFT 9,256 Reputation points Microsoft Employee

2022-07-25T04:48:15.357+00:00

Hi,

Instead of creating VNET to VNET connection between Gateways, try Site to Site connection. When you choose Site to Site, you will need to create Local Network Gateway on both the sides. In your VNET 1 Local Network Gateway add your On-Premises address space as well. So that the VNET A resources will have the route to reach On-Premises/ VPN Clients.

Regards,
Karthik Srinivas
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

vnet to vnet gatway setting

GATEWAY 1 ## (VNET 1)

3 additional answers