I am configuring an Azure VPN with site-to-site connectivity to a large enterprise customer. I have configured the following address space:
Now the customer has asked: "Could you please send us traffic with one ip address, instead of range (192.168.2.0/27)".
I will only have one VM on the VPN so I can pick any IP in the range, but should I pick one from the Subnet-1 range or the Gateway range? What will the customer see our traffic as coming from?
Edit: Once I answered my own question I realised how poor the title was, so I've edited it.
You can also use a VPN gateway to send encrypted traffic between Azure virtual networks over the Microsoft network. Each virtual network can have only one VPN gateway. VPN gateway supports standard and basic SKU public IP addresses depending on the SKU of the VPN gateway. Public IP prefixes aren't supported.
The gateway subnet is part of the virtual network IP address range that you specify when configuring your virtual network. It contains the IP addresses that the virtual network gateway resources and services use. When you create the gateway subnet, you specify the number of IP addresses that the subnet contains.
The IP address of a VPN gateway is usually the IP address of the network interface that connects to the Internet. You can also define a secondary IP address for the interface, and use that address as the local VPN gateway address, so that your existing setup is not affected by the VPN settings.
Answer Description: The following statements are true: Azure allows you to deploy your own VPN gateways or servers in Azure, either from the Azure Marketplace or by creating your own VPN routers.
The answer is no. Do not use the gateway subnet.
I eventually found exactly what I required on this Microsoft page. Specifically:
And don't deploy VMs or anything else to the gateway subnet.
and
Can I deploy Virtual Machines or role instances to my gateway subnet?
No.
By default, VPN gateways are deployed as two instances in an active/standby configuration, even if you only see one VPN gateway resource in Azure. When planned maintenance or unplanned disruption affects the active instance, the standby instance automatically assumes responsibility for connections without any user intervention. Connections are interrupted during this failover, but they're typically restored within a few seconds for planned maintenance and within 90 seconds for unplanned disruptions.
The new guidance is now: use at least a /27 address mask for the gateway subnet.
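As an added example (not part of the original post or of Microsoft's documentation), a small Python check of a VNet address plan against the rules quoted above: the gateway subnet is at least a /27, subnets stay inside the VNet range without overlapping, and the VM whose single address the customer will see sits in a workload subnet, never in the gateway subnet. The VNet range, the gateway subnet prefix and the VM address are constructed values; only the subnet name Subnet-1 comes from the question.

```python
"""Validate a VNet address plan against the gateway-subnet guidance.

Constructed example: no Azure API is contacted; all ranges below are assumptions.
"""
import ipaddress

# Minimum gateway subnet size from the quoted guidance (/27 or larger).
GATEWAY_SUBNET_MAX_PREFIXLEN = 27
GATEWAY_SUBNET_NAME = "GatewaySubnet"  # Azure requires exactly this subnet name


def validate_plan(address_space, subnets, vm_ip):
    """Return a list of problems; an empty list means the plan follows the guidance.

    address_space: VNet CIDR string; subnets: {name: CIDR}; vm_ip: the one
    address the customer will see traffic from (must be in a workload subnet).
    """
    problems = []
    space = ipaddress.ip_network(address_space)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    vm = ipaddress.ip_address(vm_ip)

    gw = nets.get(GATEWAY_SUBNET_NAME)
    if gw is None:
        problems.append("no GatewaySubnet defined")
    elif gw.prefixlen > GATEWAY_SUBNET_MAX_PREFIXLEN:
        problems.append(f"GatewaySubnet {gw} is smaller than /27")

    # Every subnet must be carved from the VNet space and must not overlap another.
    names = list(nets)
    for i, name in enumerate(names):
        if not nets[name].subnet_of(space):
            problems.append(f"{name} {nets[name]} is outside {space}")
        for other in names[i + 1:]:
            if nets[name].overlaps(nets[other]):
                problems.append(f"{name} overlaps {other}")

    # The VM (and so the /32 the customer sees) must live in a workload subnet;
    # the gateway subnet is reserved for the gateway instances themselves.
    if gw is not None and vm in gw:
        problems.append(f"VM address {vm} falls inside GatewaySubnet {gw}")
    elif not any(vm in n for name, n in nets.items() if name != GATEWAY_SUBNET_NAME):
        problems.append(f"VM address {vm} is in no workload subnet")
    return problems


# Constructed plan: one workload subnet plus a /27 gateway subnet.
PLAN = {"Subnet-1": "10.20.1.0/24", GATEWAY_SUBNET_NAME: "10.20.255.224/27"}

if __name__ == "__main__":
    print(validate_plan("10.20.0.0/16", PLAN, "10.20.1.4"))      # []
    print(validate_plan("10.20.0.0/16", PLAN, "10.20.255.230"))  # VM inside GatewaySubnet
```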