Question
I have an Azure environment (10.50.0.0/24) which has a Site-to-Site towards an on-prem environment (10.1.0.0/24). I have some extra subnets (10.90.0.0/24 and 192.168.10.0/24) on the on-prem environment that I want to make available to the Azure machines.
Is it correct that I have to create a routing table containing the extra on-prem routes (10.90.0.0/24 and 192.168.10.0/24, pointing to the gateway), and attach it to the subnet, so that it gets routed to our on-prem router? I have tried that, but it seems that it then drops the existing default Azure routes (towards the internet and 10.1.0.0/24).
We have about 40 subnets that need to be available over the Site-to-Site (both on-prem local networks and some remote networks over separate VPNs). Do we need to add them all as a Phase 2 SA on the Site-to-Site?
Solution
If you edit the local network gateway you have, this is where you add the IPs:
Yes, you will need to specify the source and destination Subnets on your Router/Firewall VPN.
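The following is an added example, not part of the original answer, showing the two pieces of work the answer describes: building the address-prefix list for the Azure Local Network Gateway (which makes Azure's own gateway route carry those prefixes, so no user-defined route table is needed), and listing the source/destination subnet pairs the on-prem VPN device must carry as traffic selectors. The resource group and gateway names (`rg-hub`, `lng-onprem`) are assumptions; the address ranges are the ones from the question. The prefix validation rejects anything that overlaps the VNet address space, since such a prefix can never be routed over the gateway, and aggregates adjacent or duplicated entries before they reach the portal or CLI.

```python
"""Prepare Local Network Gateway prefixes for an Azure Site-to-Site VPN.

Added example (not from the original answer). Uses only the standard
library so it runs offline; the names below are assumptions.
"""
import ipaddress

# Constructed sample values: VNet range and on-prem ranges from the question.
VNET_ADDRESS_SPACE = ["10.50.0.0/24"]
ONPREM_PREFIXES = ["10.1.0.0/24", "10.90.0.0/24", "192.168.10.0/24"]

# Assumed names for the Azure resources.
RESOURCE_GROUP = "rg-hub"
LOCAL_GATEWAY_NAME = "lng-onprem"


def check_prefix(prefix, vnet_space):
    """Return an error message for a bad prefix, or None if it is usable.

    strict=True rejects entries with host bits set (a common typo such as
    10.90.0.1/24); any overlap with the VNet address space is rejected
    because Azure cannot route that range both locally and over the gateway.
    """
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError as exc:
        return f"{prefix}: {exc}"
    for v in vnet_space:
        vnet = ipaddress.ip_network(v, strict=True)
        if net.overlaps(vnet):
            return f"{prefix} overlaps VNet address space {vnet}"
    return None


def validate_prefixes(onprem, vnet_space):
    """Validate, de-duplicate and aggregate the on-prem prefixes.

    Raises ValueError on the first problem; otherwise returns the prefixes
    as strings, sorted, with duplicates removed and adjacent or contained
    ranges merged (collapse_addresses), so the Local Network Gateway gets
    the shortest equivalent list.
    """
    nets = []
    for p in onprem:
        problem = check_prefix(p, vnet_space)
        if problem:
            raise ValueError(problem)
        nets.append(ipaddress.ip_network(p, strict=True))
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def lng_update_command(rg, name, prefixes):
    """Build the Azure CLI call that sets the Local Network Gateway prefixes.

    This is the CLI equivalent of editing the gateway's address space in the
    portal; the whole list is replaced, so the original 10.1.0.0/24 must stay in it.
    """
    return ("az network local-gateway update "
            f"--resource-group {rg} --name {name} "
            "--local-address-prefixes " + " ".join(prefixes))


def traffic_selector_pairs(vnet_space, prefixes):
    """Return the (source, destination) subnet pairs the on-prem VPN device needs.

    Policy-based devices need one Phase 2 selector per pair; a route-based
    device with a VTI/tunnel interface instead routes these prefixes into the tunnel.
    """
    return [(v, p) for v in vnet_space for p in prefixes]


if __name__ == "__main__":
    prefixes = validate_prefixes(ONPREM_PREFIXES, VNET_ADDRESS_SPACE)
    print(lng_update_command(RESOURCE_GROUP, LOCAL_GATEWAY_NAME, prefixes))
    for src, dst in traffic_selector_pairs(VNET_ADDRESS_SPACE, prefixes):
        print(f"on-prem selector: local {dst} <-> remote {src}")
```

After updating the gateway, the Azure side can be confirmed by checking a VM NIC's effective routes (`az network nic show-effective-route-table`): each prefix in the list should appear with next hop type VirtualNetworkGateway, alongside the untouched VirtualNetwork and Internet system routes. Traffic will only flow once the on-prem device carries the matching selectors or routes from the second function.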
Reference
- Microsoft Docs > Azure > Networking > VPN Gateway > Modify local network gateway settings using the Azure portal
- Microsoft Docs > Azure > Networking > VPN Gateway > Create a Site-to-Site connection using the Azure portal (classic)
- Microsoft Docs > Azure > Networking > VPN Gateway > Tutorial: Create a Site-to-Site connection in the Azure portal