0
votes

My VNet won't allow me to connect to the s2s location via p2s connection.

I'm trying to connect the Azure VPN client on my machine and reach a site that is allowed in a network which I have a s2s connection to.

Here's the thing, I can't get traffic to flow from my PC running the VPN client, out to the target site.

Topology

PC > VPN Client > VNet via p2s > Remote network via s2s > FTP server

I'd like to be able to ping the FTP server from my machine. Currently only devices in the VNet can ping.

I tried setting up BGP but it broke the connection, as I don't really know how things should be set.

I don't have access to the remote site or its devices. I have an Azure local network gateway which is configured as the s2s location.

I'm sorry if that doesn't make sense.

Edit: here is the picture of the network


2
There is a community where sysadmins hang out - it is Server Fault. They know those arcane words you are using. There are software developers here who understand them as well, but I think you have better chances for an answer there. – Maxim Sagaydachny

Do the VNet via p2s and the remote network via s2s use the same VPN gateway? I mean, do you have only one Azure VNet in which the Azure gateway subnet is deployed? Could you redownload the VPN client packages from the Azure portal after verifying the S2S connection is working? Or could you show the network topology? – Nancy Xiong

Hi Nancy, yes, the P2S and S2S are on the same Azure gateway. I've been advised to use BGP to traverse from the VGW VPN out through the S2S connection on the VGW. – greenSacrifice

2 Answers

0
votes

BGP is the standard routing protocol which enables the Azure VPN Gateways and your on-premise VPN devices to exchange "routes" that will inform both gateways on the availability and reachability for those prefixes to go through the gateways or routers involved.

To configure the BGP, your on-premise device should also support BGP. Read

Without BGP, if you add the point-to-site addresses after you create your site-to-site VPN connection, you need to update the routes manually. You need to manually add the routes to the remote network on your machine.

For more information, you could refer to configure and validate virtual network or VPN connections. Besides the Ping tool, you may prefer to use the TCping tool; see the detailed steps.

Generally, you could troubleshoot the issue by searching the common issues and solutions under the virtual network gateway > Diagnose and solve problems on the Azure portal. It's recommended to open a new support ticket to get your issue resolved quickly.
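The manual-route step and the TCP reachability check mentioned in this answer, sketched as an added PowerShell example that is not part of the original answer. The prefix, host address and interface alias are constructed placeholders (assumptions); substitute the values from your own gateway configuration.

```powershell
#Requires -RunAsAdministrator
# Added example. All default values are constructed placeholders, not taken from the question.
param(
    [string]$RemotePrefix = '192.0.2.0/24',  # placeholder: address space behind the s2s connection
    [string]$TargetHost   = '192.0.2.10',    # placeholder: FTP server inside that address space
    [string]$VpnAlias     = 'MyVNet',        # placeholder: interface alias of the p2s VPN connection
    [int]$Port            = 21               # FTP control port; ICMP may be filtered, TCP is the real test
)

# 1. Ask Windows which route it would pick for the target right now.
#    Find-NetRoute returns an address object and a route object; keep the route.
$route = Find-NetRoute -RemoteIPAddress $TargetHost |
    Where-Object { $_.DestinationPrefix } |
    Select-Object -First 1
Write-Host "Selected route: $($route.DestinationPrefix) via '$($route.InterfaceAlias)'"

# 2. If the traffic would leave through anything other than the VPN interface,
#    add the remote prefix on the VPN interface. ActiveStore keeps the route
#    non-persistent, so it disappears on reboot and is easy to back out.
if ($route.InterfaceAlias -ne $VpnAlias) {
    if (-not (Get-NetIPInterface -InterfaceAlias $VpnAlias -ErrorAction SilentlyContinue)) {
        throw "Interface '$VpnAlias' not found. Connect the VPN client first."
    }
    New-NetRoute -DestinationPrefix $RemotePrefix -InterfaceAlias $VpnAlias `
                 -PolicyStore ActiveStore | Out-Null
    Write-Host "Added $RemotePrefix on '$VpnAlias'"
}

# 3. TCP-level check against the FTP port, reporting which interface was used.
Test-NetConnection -ComputerName $TargetHost -Port $Port |
    Select-Object RemoteAddress, RemotePort, InterfaceAlias, TcpTestSucceeded
```

A client-side route only fixes the outbound direction: if `InterfaceAlias` shows the VPN interface but `TcpTestSucceeded` is still `False`, check whether the remote side has a route (or traffic selector) covering the point-to-site address pool for the return path.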

0
votes

My solution to this, as I can't enable BGP, is to use a proxy server within the VNet.