This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 3%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
I have 2 VNETs in Azure.
Vnet1 -10.0.0./24 -- Peered
Vnet2- 10.10.0.0/24 -- Peered.
Gateway transit is allowed on Vnet1 and use remote gateway is selected on Vnet2
Firewall Sonic wall. Current status: VPN tunnel is created(route-based) and connected from on-prem to Vnet1 and VM's on Vnet1 to On-prem
peering is completed, DBvnet used a remote virtual network, and it connects with Vnet1.
The challenge.Vnet2 cannot connect with on-prem and on-prem cannot connect with Vnet2
You direct yourself to the Virtual network and then click on the NIC interface for your resource.... After that you will find the following options:
I can see remote network address appears on rules of both Vnet VM's
Have you advertised the DBvnet address space to your Sonicwall and have you defined the DBvnet address space in your local network gateway?
https://video2.skills-academy.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal
Site-to-site is created using the network address range of APPVnet(AppVnet has the VNG)
Your answer and link doesn't really much helps me let me know how to connect On-prem on DBvnet
Your site-to-site connection is between your VPN gateway on AppVnet and your on-premises network with the Sonicwall, correct?
You will need to advertise all of the Azure VNET address spaces in your connection settings. This needs to be done in Azure on the local network gateway resource and also on your Sonicwall. You should be able to modify your existing local network gateway to include both of your VNET address spaces below. THen make sure both of these address spaces are allowed on the Sonicwall side also.
10.0.0.0/24
10.10.0.0/24
1.) correct.
cannot add 10.10.0.0/24 on Local Network gateway it doesn;t allows that way.
I have already added
10.0.0.0/24
10.10.0.0/24 on address space. The only solution for me looks like I need to setup another VNG for Vnet2
Can you send a screen shot of the address space for VNET1 and VNET2. It sounds like you have an overlap here.
I wonder if this topology is Hub and spoke since you mentioned that your Firewall Sonic wall is the one running IPsec protocol(Facing your on-premises FW).
If you have an overlapping allocation issue between on-premises and your Vnets, you can think of using NAT(If any of your resources hosted on those Vnets and are using an FQDN you can set up DNAT using a FQDN as destination ip.
If you want to gather more details perphas we can help...
Cheers,
Have you checked your effective routes vs UDR routes(User defined routes table)?
where do I check it?
Resolved added address objects of both the Vnet's in-group and added the Tunnel interface on routing policies