Posted this in /r/AZURE , but posing here as well to hopefully find someone who might be able to help.
Our azure environment was originally set up for a handful of servers etc., that would route 10.0.0.0/8 over the route-based VPN gateway back to HQ and everything else would route out via a Palo alto VM in azure.
Now we want to set up a VDI environment in azure and need to route two public IP’s back to HQ so that our partners can see them coming from our usual public IP. I already asked and no they are not going to allow our azure NAT’d public IP in through their firewall.
I have tried using the route tables to push the traffic from the azure subnet to HQ, but I see the gateway subnet IP and nothing after that, and I never see the traffic on my HQ firewall. I see traffic for 10.0.0.0/8 IP’s but never the public IP’s and I don’t see anything getting dropped.
I have tried using forced tunneling and advertising custom routes but that still no luck. I tried setting up a VPN tunnel from the Azure palo to my HQ firewall but that caused other routing issues.
A packet capture on the VPN gateway and on one of the VDI VM’s doesn’t show anything helpful
If anyone has any advice on how to get this working it is greatly appreciated. Thanks in advance
No comments:
Post a Comment