0
votes

Can someone please help me with this Azure solution?

Scenario:

I have VM1 in a VNet in Azure (VNet1) and a VM2 in another VNet (VNet2). I have created a VNet-to-VNet tunnel between these two and I verified that it works properly. I have a website that is only reachable from VM2 in VNet2 via a S2S VPN tunnel. If I try telnet from VM1 to VM2 it works. If I try to browse the HTTPS (443) site from VM2 it works.

What I need to do:

I need to be able to browse the website directly from VM1. My guess is that I will have to set up some routing so that traffic from VM1 hops to VM2 and from there the request is sent to the website, or something like that. So far nothing I've tried works.

If you need any more information I will fill in the blanks. Thanks in advance for your help.


2 Answers

0
votes

Do you mean you set up VNet-to-VNet between VNet1 and VNet2, then set up Site-to-Site between VNet2 and the web VNet, and you want VNet1 and the web VNet to communicate?

If I understand it correctly, for now, Azure does not support this, because there is no derived transitive relationship.

As a workaround, we can configure VM2 to forward traffic to the web VNet, making VM2 work as a router.


Update:

We can install RRAS on it and configure NAT for it, so it works like this:

[diagram not reproduced]

For more information about it, please refer to this blog.


Update2:

The best way to achieve it is to create a VPN between the web network and VNet2.

0
votes

I contacted Microsoft Azure support and the helpdesk person told me that the only way I could achieve this would be to:

  1. Have the VNet-to-VNet tunnel between my VNet1 and VNet2
  2. Have the Site-to-Site VPN connection between my VNet2 and the on-premises website
  3. Create a UDR in my VNet1 to forward traffic from the subnet in VNet1 to the destination over my virtual appliance (VM2 in VNet2)
  4. Enable BGP on both of my VNets, and also enable BGP on the on-premises network

This was unfortunately not possible for me, because I only manage the 2 VNets for the client and the on-premises network is managed solely by the client, and he didn't want to enable it. Luckily I have one other option for how to accomplish the connection. I will need to move the VM that needs access from VNet1 to VNet2 and from there contact the on-premises site directly.
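The "VM2 as router" workaround that both answers describe (IP forwarding on the VM2 NIC, a UDR in VNet1 pointing at VM2, and RRAS NAT on VM2 so the on-premises side never has to learn VNet1's prefix) is spelled out below as an added example. It is not code from the question, the answers, or Microsoft; every resource group, VNet, subnet, NIC name, private IP and address range in it is an assumption, and the RRAS `netsh` lines are an assumption about how the blog linked in the first answer configured NAT. The first part runs on an administrator's machine with the Az module; the part marked "inside VM2" runs elevated on the Windows guest.

```powershell
# Added example (not from the question, the answers or Microsoft).
# All names, IPs and prefixes below are assumptions for illustration.

$rg        = 'rg-vnets'            # assumed resource group holding both VNets
$location  = 'westeurope'          # assumed region
$vnet1Name = 'VNet1'               # VNet of the client VM (VM1)
$subnet1   = 'default'             # assumed subnet name in VNet1 where VM1 lives
$vm1Nic    = 'vm1-nic'             # assumed NIC name of VM1
$vm2Nic    = 'vm2-nic'             # assumed NIC name of VM2 (the router/NVA) in VNet2
$vm2Ip     = '10.2.0.4'            # assumed private IP of VM2
$webPrefix = '192.168.100.0/24'    # assumed on-premises range that hosts the website

# 1. Allow VM2's NIC to receive packets not addressed to it. Without this the
#    Azure fabric silently drops forwarded traffic regardless of guest config.
$nic = Get-AzNetworkInterface -ResourceGroupName $rg -Name $vm2Nic
$nic.EnableIPForwarding = $true
$nic | Set-AzNetworkInterface | Out-Null

# 2. UDR in VNet1: only the website's prefix is sent to VM2 as next hop, so
#    ordinary VNet1 <-> VNet2 traffic keeps using the VNet-to-VNet tunnel as before.
$rt = New-AzRouteTable -ResourceGroupName $rg -Name 'rt-vnet1-to-web' -Location $location
Add-AzRouteConfig -RouteTable $rt -Name 'web-via-vm2' -AddressPrefix $webPrefix `
    -NextHopType VirtualAppliance -NextHopIpAddress $vm2Ip | Out-Null
$rt = Set-AzRouteTable -RouteTable $rt

# 3. Bind the route table to VM1's subnet (keep the existing address prefix).
$vnet1 = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnet1Name
$sub   = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet1 -Name $subnet1
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet1 -Name $subnet1 `
    -AddressPrefix $sub.AddressPrefix -RouteTable $rt | Out-Null
$vnet1 | Set-AzVirtualNetwork | Out-Null

# 4. Verify what the fabric will actually do with a packet from VM1 to the website:
#    the matching row should show NextHopType VirtualAppliance and VM2's IP.
Get-AzEffectiveRouteTable -ResourceGroupName $rg -NetworkInterfaceName $vm1Nic |
    Where-Object { $_.AddressPrefix -contains $webPrefix } |
    Format-Table AddressPrefix, NextHopType, NextHopIpAddress, State

# ---- inside VM2 (Windows Server), elevated ----
# 5a. Guest-level forwarding: install RRAS and let Windows route packets that
#     arrive for the on-premises prefix. Interface alias is an assumption.
Install-WindowsFeature -Name Routing -IncludeManagementTools
Set-NetIPInterface -InterfaceAlias 'Ethernet' -AddressFamily IPv4 -Forwarding Enabled

# 5b. RRAS NAT (the "Update" in the first answer). With NAT the website only ever
#     sees VM2's address, which it can already reach over the S2S tunnel, so the
#     on-premises side needs no route back to VNet1 and no BGP. The interface name
#     and NAT mode are assumptions and must match the RRAS interface list on VM2.
netsh routing ip nat install
netsh routing ip nat add interface name="Ethernet" mode=full

# ---- inside VM1 ----
# 6. End-to-end check against the website (hostname is an assumption).
Test-NetConnection -ComputerName 'intranet.example.local' -Port 443
```

Two things to check if step 6 fails after the routes look right. First, any NSG on VM2's subnet or NIC must allow inbound traffic whose source is VNet1's prefix and whose destination is the on-premises prefix, since the default rules only cover the local VNet. Second, the return path is the part the support answer solves with BGP: without NAT on VM2, the on-premises network has to know that VNet1's prefix lives behind the VNet2 gateway, so either VNet1's range is added to the on-premises side of the S2S tunnel (manually or via BGP), or VM2 source-NATs as in step 5b.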