ZyXEL with client VPN and Azure Site to Site VPN Configuraton

I’m going to start out by saying that I’m not a networking guy, at all. But that said sometimes I have to pretend to be a networking guy. In our lab we have a decent set of machines. We also have our Azure environment that’s up and running which is where our websites, etc. are all running out of. To keep things simple we have our VPN setup at the CoLo as that’s where we need to go most of the time when we’re VPNed in since that’s where we can spin up servers for free.

Ever since we setup the CoLo we have had this annoying issue of having to RDP to a VM in the CoLo before being able to talk to Azure. It isn’t a major thing, but it’s gotten annoying. Eventually I got sick enough of it to try and fix it.

4 hours later I had a solution.

Now we have a ZyWall 110 but this should be similar for most of their hardware. The first thing I needed to do what add another address object. That address object needs to be able to cover all the networks inside the network as well as the subnet that you’re using to give IPs to your VPN clients. Our CoLo is 172.30.0.0/21 and we’re using 172.30.250.0/24 for our VPN endpoints. Because I’m lazy it setup as 172.30.0.0/16.  This is going to be needed later on.  I’ve got another address object named “Azure-US-West-Production” that defines our IP Subnet for our Azure Virtual Network.

subnet

Once that’s created you’ll need to modify the VPN Connection to use the new address object as the local policy.

vpn_policy

When this was done the VPN dropped, so I had to tell the VPN to reconnect (or allow it to reconnect by itself).

Once that’s done you’ll need to add a route to direct the network traffic to where it needs to go.  For the route, you’ll need to setup the Incoming as “Tunnel”, then select the tunnel that your users VPN through (we use L2TP over IPsec and our tunnel is named ClientVPN).  For the source address I left that as “any”. For the Destination I selected the subnet for the Azure vNet that I want to allow people to connect to.  In the Next-Hop section Change the type to VPN Tunnel and select the correct VPN Tunnel that connects to the correct vNet. In my case it’s called Azure-USWest-Production.

policy

We have several vNets in Azure (4 to be specific) and we want to be able to access all of them directly, so I had to repeat this for each one of them.

Now users that are VPNed in are able to access the VMs in Azure directly from their desktops and laptops without having to RDP to a VM in the CoLo.

Denny

The post ZyXEL with client VPN and Azure Site to Site VPN Configuraton appeared first on SQL Server with Mr. Denny.

Share

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Trust DCAC with your data

Your data systems may be treading water today, but are they prepared for the next phase of your business growth?