Each network has a VPN server. I originally suspected that this was a routing issue, but I'm beginning to wonder. From any point in any network, including clients of each VPN server, I can reach any other object on the network. This is functionally what I want, but there's a performance problem with the VPN clients that connect to networks A or B. I'm using SoftEther as the VPN server, and since Azure doesn't allow promiscuous networking, the VPN servers are NATing the clients. This adds overhead and reduces reliability. I would like to switch to using an Azure P2S VPN connected to network A (diagram attached).

I can reach all resources in Network C (On premises), but I cannot reach resources in Network B. I've checked the routing tables on various machines, and they look good. The fact that traffic can properly flow from VPN client through network A and down to the on-premises network is a good sign. The in-network VMs have no special routing since it's handled at the gateway level.

There's one thing that may present an issue, just because it's uncommon. When I created the address pool for the P2S VPN, I used the second half of the potential network space of Network A. This means that all of network A is in 10.10.0.0/24, which makes for nice, easy routing and firewall rules if needed. I've checked the Network Security Groups, and there's nothing obvious. I'm not a networking expert by any stretch of the imagination, but I'm pretty sure that this should just work. Any insight would be welcomed.

From your description, I understand that you have an Azure VPN gateway deployed in Vnet A and are using SoftEther VPN in Vnet B. And there is a Vnet peering between Vnet A and Vnet B. If this is correct and you do not have an Azure VPN gateway deployed in Vnet B, then in order for your clients to access Vnet B resources via P2S VPN, you need to enable UseRemoteGateway / AllowGatewayTransit features in your Vnet peering. However, if Vnet B also has an Azure VPN gateway, then the above approach will not be possible because a virtual network can have only one gateway. The gateway is either a local or remote gateway in the peered virtual network, which means the virtual network that is using a remote gateway can't have its own gateway. In case you are unable to use the UseRemoteGateway / AllowGatewayTransit features in your Vnet peering, you can go for site to site VPN connection with BGP between Vnet A and Vnet B and manually add the routes for Vnet B to the clients. You can find all Azure Point-to-Site VPN routing and connectivity scenarios in the below article:
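Added example, not code from the question or the answer above: an offline check of the two things the thread turns on, whether the P2S address pool collides with any prefix the clients must reach (the "second half of Network A" choice) and whether the peering flags the answer names (AllowGatewayTransit on the gateway side, UseRemoteGateways on the other side, and no gateway of its own in Vnet B) actually give P2S clients a path into Vnet B. All prefixes, names and flag values are constructed assumptions; the real peering objects are read with the Azure CLI or portal and fed in by hand. For the native Windows client the pushed routes are baked into the downloaded profile, so after changing the peering the clients need a freshly downloaded profile; for the site-to-site plus BGP fallback the answer describes, the `client_routes` output is the list you add to the clients manually.

```python
"""Offline check of a P2S address plan and VNet peering gateway-transit flags.

Constructed example for the thread above: VNet A holds the Azure VPN gateway,
VNet B is peered to it, network C is on-premises, and a P2S pool is carved
out of the same /24 as VNet A. Values are assumptions, not the poster's.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_network
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Vnet:
    name: str
    address_spaces: Tuple[IPv4Network, ...]
    has_gateway: bool  # a VNet using a remote gateway may not also have its own


@dataclass(frozen=True)
class Peering:
    # AllowGatewayTransit is set on the peering object inside the gateway VNet (A -> B);
    # UseRemoteGateways is set on the peering object inside the other VNet (B -> A).
    allow_gateway_transit: bool
    use_remote_gateways: bool


# Constructed sample plan (assumed prefixes, not real ones).
VNET_A = Vnet("VnetA", (ip_network("10.10.0.0/25"),), has_gateway=True)
VNET_B = Vnet("VnetB", (ip_network("10.20.0.0/24"),), has_gateway=False)
ONPREM_C = (ip_network("192.168.0.0/16"),)
P2S_POOL = ip_network("10.10.0.128/25")  # "second half" of 10.10.0.0/24, as in the question
PEERING_BEFORE = Peering(allow_gateway_transit=False, use_remote_gateways=False)
PEERING_AFTER = Peering(allow_gateway_transit=True, use_remote_gateways=True)


def pool_conflicts(pool: IPv4Network, *prefix_groups: Iterable[IPv4Network]) -> List[str]:
    """Return every prefix the P2S pool overlaps; any hit means the pool must be re-planned."""
    return [str(p) for group in prefix_groups for p in group if pool.overlaps(p)]


def gateway_transit_ok(hub: Vnet, spoke: Vnet, peering: Peering) -> Tuple[bool, str]:
    """Apply the rules from the answer: hub has the gateway, spoke has none, both flags set."""
    if not hub.has_gateway:
        return False, f"{hub.name} has no VPN gateway for clients to transit through"
    if spoke.has_gateway:
        return False, f"{spoke.name} has its own gateway, so it cannot use {hub.name}'s remote gateway"
    if not peering.allow_gateway_transit:
        return False, f"AllowGatewayTransit is off on the {hub.name} side of the peering"
    if not peering.use_remote_gateways:
        return False, f"UseRemoteGateways is off on the {spoke.name} side of the peering"
    return True, f"P2S clients can reach {spoke.name} through {hub.name}'s gateway"


def client_routes(hub: Vnet, spoke: Vnet, peering: Peering, onprem: Iterable[IPv4Network]) -> List[str]:
    """Prefixes a P2S client must have a route for: hub, on-premises, and the spoke only if transit works."""
    routes = [str(p) for p in hub.address_spaces] + [str(p) for p in onprem]
    ok, _ = gateway_transit_ok(hub, spoke, peering)
    if ok:
        routes += [str(p) for p in spoke.address_spaces]
    return sorted(routes)


def report(pool: IPv4Network, hub: Vnet, spoke: Vnet, peering: Peering, onprem: Tuple[IPv4Network, ...]) -> dict:
    """Bundle the checks so a change to the peering can be compared before and after."""
    ok, reason = gateway_transit_ok(hub, spoke, peering)
    return {
        "pool_conflicts": pool_conflicts(pool, hub.address_spaces, spoke.address_spaces, onprem),
        "reaches_spoke": ok,
        "reason": reason,
        "client_routes": client_routes(hub, spoke, peering, onprem),
    }


if __name__ == "__main__":
    for label, peering in (("before", PEERING_BEFORE), ("after", PEERING_AFTER)):
        print(label, report(P2S_POOL, VNET_A, VNET_B, peering, ONPREM_C))
    # A pool that swallows the whole /24 would overlap VNet A itself:
    print("bad pool", pool_conflicts(ip_network("10.10.0.0/24"), VNET_A.address_spaces))
```

The `report` for the "before" flags reproduces the symptom in the question (on-premises reachable, Vnet B not, pool clean), and the "after" flags add Vnet B's prefix to the client route list; the third line shows the failure mode the poster was worried about, a pool that overlaps the VNet it is attached to.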