Forward traffic between VPN tunnels
Hello
I have this configuration:
VPN2S at the remote sites (a lot)
VPN100 in the main office
Azure GW at Microsoft
I cannot create a VPN tunnel directly from the remote sites to Azure, as I do not have that many concurrent IPsec tunnels in Azure, so I need to use the main office VPN100 as a concentrator between the remote sites and Azure.
Also, it seems that the VPN2S does not support a policy route to set the next hop to VPN tunnel xxx for a destination subnet.
I am OK with full tunneling, but I tried it and it did not work.
What needs to be done in order to access Azure from the remote sites (and back) through the VPN100 in the main office?
All Replies
-
Should just be a case of Azure being on a subnet of VPN100 to set up Local policy and Remote policy with different LAN subnets on VPN2S and VPN100.
-
Hi @rstanila,
For the VPN connection of Azure, the Remote Policy has to involve the VPN2S/VPN100 subnet, and vice versa.
For the VPN connection of the VPN2S, the Remote Policy has to involve the VPN100/Azure subnet.
Please feel free to contact us if the issue still persists.
Thank you
Kevin
-
Hello. Thanks a lot for the answers. Let's be more specific: I have the following IPsec tunnels.
VPN2S - VPN100: 192.168.40.0/24 <-> 192.168.3.0/24
VPN100 - Azure: 192.168.3.0/24 <-> 172.17.1.0/24
I need to be able to access 172.17.1.0/24 from 192.168.40.0 and vice versa.
What should I configure and where? Thanks a lot in advance.
-
Hi @rstanila,
I think using the concentrator is the fast way. Let's make the VPN100 the hub.
Tunnel with Azure:
Local Policy: 192.168.3.0/24
Remote Policy: 172.17.1.0/24
Tunnel with VPN2S:
Local Policy: 192.168.3.0/24
Remote Policy: 192.168.40.0/24
The VPN100 then has two VPN connections; add both as Concentrator members.
In this way, 172.17.1.0/24 can be accessed from 192.168.4.0 and vice versa.
Thanks
Kevin
-
I tried this; it also needs a policy route on the VPN2S. If, behind the VPN2S, I want to access Azure, how does the VPN2S know to route traffic to 172.17.1.0 (Azure) through the VPN tunnel with the VPN100?
But on the VPN2S I cannot add a policy route through a VPN tunnel. It is not implemented.
I also tried to have full traffic fw through the VPN tunnel with the VPN100. It does not work either to access Azure.
-
Please check this link: https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=013463&lang=EN
So I am unable to check steps 4 and 5, because the VPN2S does not have policy route through VPN tunnel and also Azure does not have this route.
Azure returns the traffic by default if the sender subnet is in the list of address spaces for that gateway.
-
Update: it works, without policy route or concentrator. I just added, on the first VPN tunnel, both HQ and Azure as remote policy, and on Azure I added both the HQ subnet and the VPN2S subnet to the address space values list.
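
An added example, not part of the thread and not Zyxel or Microsoft tooling: a small Python model of the policy-based traffic selectors discussed above. It shows at which tunnel a remote-site-to-Azure flow is rejected with the selectors first posted, and that it passes in both directions after the change in the final update. It assumes both peers of each tunnel hold mirrored selectors (the thread does not show the VPN100 side of the working configuration); the host addresses are constructed.

```python
from ipaddress import ip_address, ip_network

def nets(*cidrs):
    return [ip_network(c) for c in cidrs]

def inside(ip, group):
    return any(ip in n for n in group)

class Tunnel:
    """One policy-based IPsec tunnel. Assumption: both peers hold mirrored
    selectors, so a packet is carried only if it matches them in one direction."""
    def __init__(self, name, side_a, side_b):
        self.name, self.side_a, self.side_b = name, side_a, side_b

    def carries(self, src, dst):
        s, d = ip_address(src), ip_address(dst)
        return ((inside(s, self.side_a) and inside(d, self.side_b)) or
                (inside(s, self.side_b) and inside(d, self.side_a)))

def first_block(src, dst, path):
    """Name of the first tunnel on the path whose selectors reject the flow, else None."""
    for tunnel in path:
        if not tunnel.carries(src, dst):
            return tunnel.name
    return None

SPOKE, HQ, AZURE = "192.168.40.0/24", "192.168.3.0/24", "172.17.1.0/24"

# Selectors as first posted in the thread.
BEFORE = [Tunnel("vpn2s-vpn100", nets(SPOKE), nets(HQ)),
          Tunnel("vpn100-azure", nets(HQ), nets(AZURE))]

# After the final update: the remote-site tunnel also lists the Azure subnet,
# and the Azure side also lists the remote-site subnet in its address space.
AFTER = [Tunnel("vpn2s-vpn100", nets(SPOKE), nets(HQ, AZURE)),
         Tunnel("vpn100-azure", nets(HQ, SPOKE), nets(AZURE))]

def check(path, spoke_host="192.168.40.10", azure_host="172.17.1.10"):
    """Return (blocking tunnel outbound, blocking tunnel on the return path)."""
    outbound = first_block(spoke_host, azure_host, path)
    inbound = first_block(azure_host, spoke_host, list(reversed(path)))
    return outbound, inbound

if __name__ == "__main__":
    print("before:", check(BEFORE))
    print("after: ", check(AFTER))
```

The selectors act as an allowlist: a subnet that is not listed on every tunnel along the path is still rejected after the change, so each additional remote site has to be added explicitly on both tunnels.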