0 Votes
Diondre-8991 asked SaiKishor-MSFT commented

Within a hybrid Azure environment with an established tunnel, can a separate user VPN be used to access on-prem addresses?

As it stands we have a Cisco ASA configured to establish an IPsec tunnel to Azure, effectively creating a hybrid network. We also have a separate device for VPN access which users connect into to get onto the network. From a local network gateway perspective, could the FQDN of the user VPN be used to bypass the VPN gateway for routing to on-prem? It seems like routing back out of the VPN gateway, across the external IP and back into the network would be unnecessary, considering a tracert to an on-prem IP shows the next hop as that user VPN appliance. When utilizing the next hop option in Network Watcher it ends up going back out of the gateway's subnet to the Azure VPN Gateway and to the external IP of the ASA, which has been designated the LNG.

There may be some other considerations needed, but as it stands the internal IP of that user VPN does have routes in place that would allow for forwarding.

Route propagation is enabled and Azure has written those "virtual networks" to use the next hop of the Azure VPN connection. We also utilize seamless sign-on, which connects via our local AD creds.
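The Network Watcher result the asker describes follows from how Azure picks an effective route: longest prefix match first, and on an equal prefix a user-defined route beats a BGP-propagated route, which beats a system route. The following is an added illustration of that selection order over a constructed route table, not code from the thread; the prefixes, the NVA address 10.1.2.4 and the UDR are all assumed sample values.

```python
import ipaddress

# Azure effective-route selection (documented behaviour): longest prefix match
# first; on an equal prefix a user-defined route wins over a BGP-propagated
# route, which wins over a system route.
SOURCE_PRIORITY = {"User": 0, "BGP": 1, "System": 2}

# Constructed effective-route table for a subnet in the Azure VNet. All
# addresses are sample values, not the asker's network.
BASE_ROUTES = [
    # (prefix, source, next hop type, next hop IP)
    ("10.1.0.0/16",    "System", "VnetLocal",             None),
    ("0.0.0.0/0",      "System", "Internet",              None),
    # Propagated from the S2S connection whose LNG is the on-prem ASA.
    ("192.168.0.0/16", "BGP",    "VirtualNetworkGateway", None),
]

# Same table after a UDR for the on-prem prefix is applied to the subnet,
# pointing at a hypothetical NVA inside the VNet (10.1.2.4 is constructed).
UDR_ROUTES = BASE_ROUTES + [
    ("192.168.0.0/16", "User",   "VirtualAppliance",      "10.1.2.4"),
]

def select_route(dest, routes):
    """Return the route Azure would pick for dest, or None if nothing matches."""
    dest_ip = ipaddress.ip_address(dest)
    candidates = [r for r in routes if dest_ip in ipaddress.ip_network(r[0])]
    if not candidates:
        return None
    # Sort key: most specific prefix first, then source priority as tie-break.
    return min(candidates,
               key=lambda r: (-ipaddress.ip_network(r[0]).prefixlen,
                              SOURCE_PRIORITY[r[1]]))

def next_hop(dest, routes):
    """(next hop type, next hop IP) for dest, mirroring Network Watcher's view."""
    r = select_route(dest, routes)
    return (r[2], r[3]) if r else None

if __name__ == "__main__":
    for table, label in ((BASE_ROUTES, "propagated only"), (UDR_ROUTES, "with UDR")):
        print(label, "->", next_hop("192.168.10.5", table))
```

With only the propagated route present, an on-prem destination resolves to VirtualNetworkGateway, which is what Network Watcher reports; the UDR case shows the one mechanism that overrides a propagated route for the same prefix.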


@Diondre-8991 Can you please share a network diagram of your current setup so I can understand better?

0 Votes

@Diondre-8991 Any update?

0 Votes

0 Answers