0
votes

I have the following network topology in Azure and I am struggling to find what the misconfiguration is that does not allow me to have traffic between one VNET and a client connected via point-to-site VPN connection and another VNET. The two VNETs are connected via a peering connection.

The same setup works for another peered VNET and traffic between VNETs is allowed. There are no Network security groups in the game.

I tried to create VMs in every VNET to check the traffic between VNETs, and my findings are summarized in the picture. Any idea for a potential root cause, or a point where I forgot to configure something, is welcome. Thank you.

Network topology


1 Answer

1
votes

I assume you have set up the second peering pair after the P2S VPN connection was finished, so the downloaded VPN client package might not have included the route to virtual network 10.28.0.0/16. You could ensure that the two peering connections are in Connected status, then re-download your VPN client package.

Furthermore, you need to ensure that you meet the HUB-SPOKE network topology in Azure.

In this case, the hub network is 10.29.0.0/16 and the spokes are 10.31.0.0/16 and 10.28.0.0/16.

To allow gateway traffic to flow from spoke to hub, and connect to remote networks, you must:

  • Configure the peering connection in the hub to allow gateway transit.
  • Configure the peering connection in each spoke to use remote gateways.

Let me know if you still have any questions.
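As an added illustration (not part of the answer above), the following Python check audits the two peering settings the answer names against sample output in the shape of `az network vnet peering list -o json`, and lists which spoke prefixes the re-downloaded client package would need to carry. The sample peering data and the `client_routes` list are constructed for the example.

```python
import json

# Constructed sample in the shape of `az network vnet peering list -o json`, trimmed to
# the fields this check uses; names and values are made up for the example. The hub is
# 10.29.0.0/16; the second spoke (10.28.0.0/16) was peered without gateway transit.
HUB_PEERINGS = json.loads("""[
  {"name": "hub-to-spoke1", "peeringState": "Connected", "allowGatewayTransit": true,
   "remoteAddressSpace": {"addressPrefixes": ["10.31.0.0/16"]}},
  {"name": "hub-to-spoke2", "peeringState": "Connected", "allowGatewayTransit": false,
   "remoteAddressSpace": {"addressPrefixes": ["10.28.0.0/16"]}}
]""")
SPOKE2_PEERINGS = json.loads("""[
  {"name": "spoke2-to-hub", "peeringState": "Initiated", "useRemoteGateways": false,
   "remoteAddressSpace": {"addressPrefixes": ["10.29.0.0/16"]}}
]""")


def audit_hub(peerings):
    """Hub side: each peering must be Connected and allow gateway transit."""
    findings = []
    for p in peerings:
        if p["peeringState"] != "Connected":
            findings.append(f"{p['name']}: peeringState is {p['peeringState']}, expected Connected")
        if not p.get("allowGatewayTransit", False):
            findings.append(f"{p['name']}: allowGatewayTransit is false, spoke cannot use the hub VPN gateway")
    return findings


def audit_spoke(peerings):
    """Spoke side: the peering to the hub must be Connected and use the remote gateway."""
    findings = []
    for p in peerings:
        if p["peeringState"] != "Connected":
            findings.append(f"{p['name']}: peeringState is {p['peeringState']}, expected Connected")
        if not p.get("useRemoteGateways", False):
            findings.append(f"{p['name']}: useRemoteGateways is false, P2S clients cannot reach this spoke")
    return findings


def expected_client_routes(hub_peerings):
    """Spoke prefixes a P2S client package must carry: those the hub offers transit to."""
    return sorted(prefix for p in hub_peerings if p.get("allowGatewayTransit")
                  for prefix in p["remoteAddressSpace"]["addressPrefixes"])


def missing_client_routes(hub_peerings, client_routes):
    """Expected spoke prefixes absent from client_routes (an assumed list of the
    prefixes the currently downloaded client package was built with)."""
    return [r for r in expected_client_routes(hub_peerings) if r not in client_routes]


if __name__ == "__main__":
    for line in audit_hub(HUB_PEERINGS) + audit_spoke(SPOKE2_PEERINGS):
        print(line)
    print("missing client routes:", missing_client_routes(HUB_PEERINGS, ["10.29.0.0/16"]))
```

Once both peerings report Connected with transit and remote-gateway use enabled, `expected_client_routes` will list every spoke, which is the moment to re-download the client package.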