Love the detail and clarity, as always 😊, thanks @Adam and @Daniel
Thanks. Very informative!
Good stuff as always!
If we had FastPath enabled, how would it affect the flows?
ruclips.net/video/WyhlMU3XEKE/видео.htmlsi=vqqu5uMDxur1bllK :)
I have a scenario, with no route server, where VPN GW is using a different AS number than default.
I see the VPN routes in the ER GW with the CLI command "..vnet-gateway list-learned-routes...", as EBGPs pointing to VPN GW. I guess that's because they're externals, right? But why are they then not announced to the MSEEs/Circuit? Can you help me get my head around that. Thanks!
From ER GW learned-routes (VPN GW has ASN 65009):
10.32.32.0/20 10.71.0.50 EBgp 10.71.0.50 65009
@thomaswinther8774 You certainly need Azure Route Server to make ER to VPN transit work.
Thanks Adam. Would this work if the Azure GW was doing P2S instead of S2S? Could VPN clients connect back to the ExpressRoute?
Officially that is still unsupported with Route Server; it's supported on VWAN today. Doc: learn.microsoft.com/en-us/azure/route-server/route-server-faq#can-azure-route-server-provide-transit-between-expressroute-and-a-point-to-site-p2s-vpn-gateway-connection-when-enabling-the-branch-to-branch
Technically unsupported according to the docs, but I have implemented it and it did work for P2S users getting to on-prem. This was a split tunnel, however, not full tunnel, which as Adam mentioned is only supported with Virtual WAN.