Site to Site HUB Routing issue in Azure VWAN

MILAN OMIDVAR 0 Reputation points
2023-12-04T09:33:50.4166667+00:00

Greetings,

I am building a proof of concept architecture using Azure VWAN and having issues routing internal private traffic between branches.

For the sake of simplicity, I will include only the parts of the infrastructure that are relevant to the problem.

The infra consists of:

Azure VWAN instance

Hub inside the VWAN for Site to Site connection

VPN Gateway

A Site to site (VPN gateway) enables you to connect VPN sites to a hub.

*Hub Routing Preference

All sites are easily connected to one of two VPN Gateway Instance or VPN Gateway Instance 1.

1- But after connecting, they cannot ping the Private IP of the Azure VPN Gateway Instance.

2- None of the sites can ping other sites, unless we manually enter the subnet of the opposite site to the site we want to connect to. What the hub routing should do.

*Description: All sites are both Associate and Propagate at the time of creation.

Azure Virtual WAN
An Azure virtual networking service that provides optimized and automated branch-to-branch connectivity.

1 answer

  1. GitaraniSharma-MSFT 49,011 Reputation points Microsoft Employee
    2023-12-04T11:30:04.2833333+00:00

    Hello @MILAN OMIDVAR ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    To enable Branch-to-Branch Connectivity in Virtual WAN, you can configure this setting using Azure Portal: Under Virtual WAN Configuration menu, Choose Setting: Branch-to-Branch - Enabled.


    Refer: https://video2.skills-academy.com/en-us/azure/virtual-wan/virtual-wan-global-transit-network-architecture#branch-to-branch-b-and-branch-to-branch-cross-region-f

    • All branch connections need to be associated to the Default route table. That way, all branches will learn the same prefixes.
    • All branch connections need to propagate their routes to the same set of route tables. For example, if you decide that branches should propagate to the Default route table, this configuration should be consistent across all branches. As a result, all connections associated to the Default route table will be able to reach all of the branches.

    Refer: https://video2.skills-academy.com/en-us/azure/virtual-wan/about-virtual-hub-routing#considerations

    If there is an overlap of IP addresses between 2 branches, then there is a feature where you can perform NAT for one Branch and route accordingly.

    Refer: https://video2.skills-academy.com/en-us/azure/virtual-wan/nat-rules-vpn-gateway

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
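
The conditions listed in the answer above (branch-to-branch enabled, every branch associated to the Default route table, identical propagation on all branches, no overlapping branch prefixes) can be checked against exported configuration. This is an added example, not part of the original answer or Microsoft's code; the record shape and field names (`allowBranchToBranchTraffic`, `routingConfiguration`, and the merged-in `addressPrefixes`) are assumptions modelled on ARM JSON, and all sample data is constructed.

```python
import ipaddress
from itertools import combinations

# Constructed sample data. Field names follow the ARM JSON shape (assumption);
# "addressPrefixes" is merged in from each VPN site record for this example.
RT = ("/subscriptions/0000/resourceGroups/rg-poc/providers/Microsoft.Network"
      "/virtualHubs/hub1/hubRouteTables/")

def conn(name, table, prefixes):
    """Build one constructed branch connection record."""
    return {"name": name, "addressPrefixes": prefixes,
            "routingConfiguration": {
                "associatedRouteTable": {"id": RT + table},
                "propagatedRouteTables": {"labels": [], "ids": [{"id": RT + table}]}}}

SAMPLE_VWAN = {"allowBranchToBranchTraffic": False}
SAMPLE_CONNECTIONS = [
    conn("branch-a", "defaultRouteTable", ["10.1.0.0/16"]),
    conn("branch-b", "defaultRouteTable", ["10.2.0.0/16"]),
    conn("branch-c", "rt-custom", ["10.2.128.0/17"]),
]

def audit_branch_routing(vwan, connections):
    """Return findings that would break branch-to-branch reachability."""
    findings, propagation, nets = [], {}, []
    if not vwan.get("allowBranchToBranchTraffic", False):
        findings.append("vwan: branch-to-branch traffic is disabled")
    for c in connections:
        rc = c.get("routingConfiguration", {})
        assoc = rc.get("associatedRouteTable", {}).get("id", "").lower()
        if not assoc.endswith("/hubroutetables/defaultroutetable"):
            findings.append(f"{c['name']}: not associated to the Default route table")
        prop = rc.get("propagatedRouteTables", {})
        propagation[c["name"]] = (
            frozenset(r["id"].lower() for r in prop.get("ids", [])),
            frozenset(label.lower() for label in prop.get("labels", [])))
        nets += [(c["name"], ipaddress.ip_network(p)) for p in c.get("addressPrefixes", [])]
    # Every branch must propagate to the same set of route tables and labels.
    if len(set(propagation.values())) > 1:
        findings.append("propagation is not identical across: " + ", ".join(sorted(propagation)))
    # Overlapping branch address space needs a NAT rule on the VPN gateway.
    for (n1, a), (n2, b) in combinations(nets, 2):
        if n1 != n2 and a.overlaps(b):
            findings.append(f"{n1} / {n2}: overlapping prefixes {a} and {b}")
    return findings

if __name__ == "__main__":
    for finding in audit_branch_routing(SAMPLE_VWAN, SAMPLE_CONNECTIONS):
        print(finding)
```
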