Custom route for Azure Point to Site VPN to reach on-prem private IP


The short answer is that adding your network route to the VPN route config file manually will make it work: %AppData%\Microsoft\Network\Connections\Cm\yourGuid\routes.txt.

Here you can find details about Azure P2S routing: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing

Hope it helps.
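As an added illustration of the edit the answer describes (this script is not from the answer or from Microsoft's client package), the following PowerShell appends one route to the Connection Manager profile's routes.txt, normalising the prefix to its network address and skipping the write if the route is already there. It assumes the line syntax `ADD <network> MASK <mask> default METRIC default IF default` that Microsoft's P2S routing documentation shows for routes.txt; `$Prefix` and `$ProfileGuid` are placeholders.

```powershell
# Added example, not part of the original answer or of Microsoft's client package.
# Appends one route to the P2S Connection Manager profile's routes.txt so the
# prefix is pushed into the tunnel on the next connect. Assumption: the line syntax
# "ADD <network> MASK <mask> default METRIC default IF default" from Microsoft's
# P2S routing docs. $Prefix and $ProfileGuid are placeholders to replace.
param(
    [string]$Prefix      = '10.1.0.0/16',  # placeholder: prefix to carry through the tunnel
    [string]$ProfileGuid = '<yourGuid>'    # placeholder: folder name under ...\Connections\Cm\
)

function ConvertTo-DottedMask {
    param([ValidateRange(0, 32)][int]$Length)
    # 32-character bit string with $Length leading ones, split into four octets.
    $bits   = ('1' * $Length).PadRight(32, '0')
    $octets = 0..3 | ForEach-Object { [Convert]::ToInt32($bits.Substring($_ * 8, 8), 2) }
    return ($octets -join '.')
}

function Get-NetworkAddress {
    param([string]$Address, [string]$Mask)
    # AND each octet with the mask so 10.1.5.7/16 normalises to 10.1.0.0.
    $a = ([System.Net.IPAddress]$Address).GetAddressBytes()
    $m = ([System.Net.IPAddress]$Mask).GetAddressBytes()
    return ((0..3 | ForEach-Object { $a[$_] -band $m[$_] }) -join '.')
}

$address, $length = $Prefix -split '/', 2
if (-not [System.Net.IPAddress]::TryParse($address, [ref]$null) -or -not $length) {
    throw "Expected an IPv4 prefix like 10.1.0.0/16, got '$Prefix'"
}
$mask    = ConvertTo-DottedMask -Length ([int]$length)
$network = Get-NetworkAddress -Address $address -Mask $mask
$line    = "ADD $network MASK $mask default METRIC default IF default"

$routesFile = Join-Path $env:APPDATA "Microsoft\Network\Connections\Cm\$ProfileGuid\routes.txt"
if (-not (Test-Path $routesFile)) {
    throw "routes.txt not found at $routesFile; check the profile GUID folder"
}

# Idempotent: skip if an ADD line for the same network and mask is already present.
$existing = Get-Content $routesFile
if ($existing -match "^\s*ADD\s+$([regex]::Escape($network))\s+MASK\s+$([regex]::Escape($mask))\b") {
    Write-Host "Route for $network/$length already present in $routesFile"
} else {
    Add-Content -Path $routesFile -Value $line
    Write-Host "Appended '$line'; reconnect the VPN for it to take effect"
}
```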

Author: thankyoussd

Updated on September 18, 2022

Comments

  • thankyoussd almost 2 years

    I set up a VPN gateway in Azure, and configured a P2S connection that connects an on-prem server to the gateway. The Azure P2S configuration asks for an IP pool to assign to the endpoints when they connect; it's set to 172.16.17.0/24.

    When the on-prem server successfully connects, it's assigned an IP 172.16.17.2 as expected. It can reach my private subnets on the Azure side normally across the VPN.

    However, the on-prem server has its own private IP, 192.168.2.110. From the Azure side, the VMs connected to the VPN gateway can only reach the on-prem server via 172.16.17.2. I need them to be able to reach 192.168.2.110 as well.

    I took a look at the effective routing table in Azure. They auto added 172.16.17.0/24 to be routed via the VPN of course. But they have other private IP blocks that are not part of my Vnet address space/subnets set to Drop, including 192.168.0.0/16.

    I can't seem to figure out how to add a custom route to my vNic that routes 192.168.2.110 through the same VPN gateway so my VMs can access the on-prem server via this IP.

    I tried creating a Routing Table instance, and it allows me to add a route for 192.168.2.110/32. Under the "Next Hop Type" I can choose Virtual Network Gateway, but it won't let me specify the IP address of the gateway, and the rule does not seem to work. The auto-added route for 172.16.17.0/24 does have Virtual Network Gateway as hop type and it has the gateway's IP.

    Your advice would be greatly appreciated.

  • thankyoussd over 5 years
    Thanks. I know S2S VPN would have worked for this. In this case it is not possible to use an S2S tunnel due to lack of access to the router. What I need is not for Azure VMs to access a whole on-prem subnet. That would obviously require S2S. I only need them to be able to access the particular endpoint (by its internal private IP) that has already connected to the gateway. The problem of using the Azure gateway assigned IP is that there is no option to make it static. Is there any workaround solution for this on the Azure side?
  • Ken W MSFT over 5 years
    Have you configured DNS on the Azure VNet? docs.microsoft.com/en-us/azure/vpn-gateway/…