Virtual WAN, VPN (site-to-site): there is no IP address for my on-prem VTI tunnel

Nikoloz Abuashvili 0 Reputation points
2024-02-28T07:04:35.1966667+00:00

I'm trying to create an Azure hub-and-spoke topology, and my understanding is that I need to use Virtual WAN. My problem is with the VPN connection to the on-premises network. I go to Virtual WAN -> Hub -> VPN (site-to-site), and then create a site-to-site VPN to my on-prem using BGP (Cisco router). I can't find the configuration that I should have on my side; that is, I have Cisco, but I don't have an IP address for my VTI tunnel, and I can't reach the BGP of the Azure peer. I can't find normal documentation where the config is written for both sides. There is a VPN, IKEv2, which is UP, but there is no IP address for the VTI tunnel. If it is not VTI, then what config should I have for the branch? I have a Cisco router.


1 answer

  1. KapilAnanth-MSFT 39,366 Reputation points Microsoft Employee
    2024-02-28T09:38:54.04+00:00

    @Nikoloz Abuashvili ,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    The BGP Configuration for Azure VPN Gateway is managed by Azure itself.

    • See : Gateway settings
    • Users can only add Custom APIPA BGP IP Address if that is a requirement

    For BGP Configuration of the OnPrem device, generally, the IP should come from the OnPrem network.

    See :

    Link Border Gateway Protocol:

    > Configuring BGP on a virtual WAN link is equivalent to configuring BGP on an Azure virtual network gateway VPN. Your on-premises BGP peer address must not be the same as the public IP address of your VPN to device or the VNet address space of the VPN site. Use a different IP address on the VPN device for your BGP peer IP. It can be an address assigned to the loopback interface on the device. Specify this address in the corresponding VPN site representing the location.

    > For BGP prerequisites, see About BGP with Azure VPN Gateway. You can always edit a VPN link connection to update its BGP parameters (Peering IP on the link and the AS #).

    You confirmed you were able to resolve the issue yourself.

    Kindly let us know if you need further assistance on this issue.

    Thanks, Kapil


    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

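The two address rules in the documentation quoted in the answer can be checked before a VPN site link is saved. The following is an added example, not part of the original thread or of any Azure tooling; the function names, the tuple layout and the sample addresses are assumptions, and the caller supplies the prefixes that the quoted rule calls "the VNet address space".

```python
import ipaddress


def check_bgp_peer(peer_ip, device_public_ip, excluded_prefixes):
    """Return a list of problems with an on-prem BGP peer address.

    Encodes the two rules from the quoted documentation; an empty
    list means the address passes both.
    """
    try:
        peer = ipaddress.ip_address(peer_ip)
    except ValueError:
        # Covers the case in the question: no peer address configured at all.
        return [f"{peer_ip!r} is not an IP address (no BGP peer IP set?)"]

    problems = []
    if peer == ipaddress.ip_address(device_public_ip):
        problems.append("peer IP equals the VPN device public IP")
    for prefix in excluded_prefixes:
        net = ipaddress.ip_network(prefix, strict=False)
        if peer in net:
            problems.append(f"peer IP falls inside VNet address space {net}")
    return problems


# Constructed sample links: (BGP peer IP, device public IP, excluded prefixes).
# Addresses come from documentation and private ranges, not from real sites.
SAMPLE_LINKS = {
    "branch-a": ("203.0.113.10", "203.0.113.10", ["10.20.0.0/16"]),
    "branch-b": ("10.20.1.4", "203.0.113.11", ["10.20.0.0/16"]),
    "branch-c": ("192.168.255.1", "203.0.113.12", ["10.20.0.0/16"]),  # loopback-style address
    "branch-d": ("", "203.0.113.13", ["10.20.0.0/16"]),
}


def audit(links):
    """Run the check over every link and return {name: [problems]}."""
    return {name: check_bgp_peer(*args) for name, args in links.items()}


if __name__ == "__main__":
    for name, problems in audit(SAMPLE_LINKS).items():
        print(name, "OK" if not problems else "; ".join(problems))
```
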