Hello all,
I'm looking for help with the following configuration, to determine if it's possible and then to understand where our configuration is off. We have two VNets in Azure, in two subscriptions. We have implemented P2S VPN in one of the networks, and then S2S VPN links between the two networks. The goal is to have our clients connect via P2S to Vnet1, and have resources in Vnet2 available to them as well (by IP - no DNS anywhere here).
We seem to have the individual components setup correctly, and everything can get one-hop away, but VPN clients cannot route across Vnet1 to resources in Vnet2.
Our configuration is below - if anyone could lend an experienced eye or some advice, it would be much appreciated.
Thanks!
Vnet1:
- Network 10.1.0.0/16
- GatewaySubnet 10.1.255.0/27
- VPN Client Pool 172.16.192.0/20
- Virtual Network Gateway is Standard, with BGP Enabled and non-default ASN
- Virtual Network Gateway connection to Vnet2
- Routing between Vnet1 <=> Vnet2 works Ok
- Routing between VPN Client <=> Vnet1 works Ok
Vnet 1 VPN Client Config:
- Edit %AppData%\Roaming\Microsoft\Network\Connections\Cm\<insert VPN guid>\routes.txt to send traffic for Vnet2 across this interface.
- Tracert from local client shows that first hop for 10.2.x.x exits the VPN address, not the internet address
Vnet2:
- Network 10.2.0.0/16
- GatewaySubnet 10.2.255.0/27
- Virtual Network Gateway is Standard, with BGP Enabled and non-default ASN
- Virtual Network Gateway connection to Vnet1
- Routing between Vnet 2 <=> Vnet1 works Ok
Things we've tried:
- User-defined routing / route table for GatewaySubnet on Vnet2 to send traffic to VirtualNetwork
- Whole bunch of other UDR