Can Azure VPN gateway works as a transit between different connection created within it ?

Devendra Singh 21

Hello, I was performing some testing on the Azure VPN gateway, when two remote sites(Let's say A and B) were connected via the IPSEC VPN tunnel in Connection to the Virtual network gateway.

Connectivity to Azure resources is fine. What if I want is communication between A and B via VPN gateway, is that possible?

KapilAnanth-MSFT 35,246 Reputation points Microsoft Employee

2024-04-22T04:06:54.9133333+00:00
@Devendra Singh ,

Yes, this is possible as long as BGP is enabled

See : FAQ

Also, see Support transit routing between your on-premises networks and multiple Azure VNets

I see Marcin Policht had addressed the same.

I would highly appreciate if you could Accept their answer and close this thread

Original posters help the community find answers faster by identifying the correct answer.

Thanks,

Kapil
KapilAnanth-MSFT 35,246 Reputation points Microsoft Employee

2024-04-26T08:27:22.51+00:00
@Devendra Singh ,

In addition, you can follow this document for configuration in VPN Gateway.

See : How to configure BGP for Azure VPN Gateway

This diagram is similar to your requirement, TestVNet2 would be your SiteA and On-Premises would be your SiteB, while the TestVNet1 is your VPN Gateway.

You must enable BGP in Azure VPN Gateway, All the Azure VPN Connection and also on your OnPrem VPN Device.

Please let us know if we can be of any further assistance here.

Thanks,

Kapil

Please Accept an answer if correct.

Original posters help the community find answers faster by identifying the correct answer.

1 answer

Marcin Policht 11,005 Reputation points MVP

2024-04-20T12:24:04.53+00:00

Yes - that's supported.

As per https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vpn-faq

Can I use Azure VPN gateway to transit traffic between my on-premises sites or to another virtual network?

Resource Manager deployment model Yes. See the BGP section for more information.

Classic deployment model Transit traffic via Azure VPN gateway is possible using the classic deployment model, but relies on statically defined address spaces in the network configuration file. BGP isn't yet supported with Azure Virtual Networks and VPN gateways using the classic deployment model. Without BGP, manually defining transit address spaces is very error prone, and not recommended.

If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

hth

Marcin
Please sign in to rate this answer.
Marcin Policht 11,005 Reputation points MVP

2024-04-20T12:25:24.5066667+00:00

In addition:

Does Azure VPN Gateway support BGP transit routing?

Yes, BGP transit routing is supported, with the exception that Azure VPN gateways don't advertise default routes to other BGP peers. To enable transit routing across multiple Azure VPN gateways, you must enable BGP on all intermediate connections between virtual networks. For more information, see About BGP.

If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

hth

Marcin

Devendra Singh 21 Reputation points

2024-04-20T16:21:16.1+00:00

Thanks for quickly answering this and maybe I didn't explain my question better earlier, apologies for that.

I am sharing my query the diagram for better understanding. I want to initiate packet transfer between clients in those two connections created in the VPN gateway and not with VNet created in Azure(that part is sorted)test-connectivity.png

As mentioned in diagram if user in connection A want to communicate with user in connection B, is that possible via VPN gateway ?

Marcin Policht 11,005 Reputation points MVP

2024-04-20T16:37:06.1666667+00:00

Yes - that's what "transit traffic between my on-premises sites" included in my previous response represents

If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

hth

Marcin
Sign in to comment