ZyXEL with client VPN and Azure Site to Site VPN Configuration

Published On: 2017-04-12

I’m going to start out by saying that I’m not a networking guy, at all. But that said, sometimes I have to pretend to be a networking guy. In our lab we have a decent set of machines. We also have our Azure environment that’s up and running, which is where our websites, etc. are all running out of. To keep things simple we have our VPN set up at the CoLo, as that’s where we need to go most of the time when we’re VPNed in, since that’s where we can spin up servers for free.

Ever since we set up the CoLo we have had this annoying issue of having to RDP to a VM in the CoLo before being able to talk to Azure. It isn’t a major thing, but it’s gotten annoying. Eventually I got sick enough of it to try and fix it.

4 hours later I had a solution.

Now we have a ZyWall 110 but this should be similar for most of their hardware. The first thing I needed to do was add another address object. That address object needs to cover all the networks inside the network as well as the subnet that you’re using to give IPs to your VPN clients. Our CoLo is and we’re using for our VPN endpoints. Because I’m lazy it setup as  This is going to be needed later on. I’ve got another address object named “Azure-US-West-Production” that defines our IP Subnet for our Azure Virtual Network.


Once that’s created you’ll need to modify the VPN Connection to use the new address object as the local policy.


When this was done the VPN dropped, so I had to tell the VPN to reconnect (or allow it to reconnect by itself).

Once that’s done you’ll need to add a route to direct the network traffic to where it needs to go. For the route, you’ll need to set the Incoming to “Tunnel”, then select the tunnel that your users VPN through (we use L2TP over IPsec and our tunnel is named ClientVPN). For the source address I left that as “any”. For the Destination I selected the subnet for the Azure vNet that I want to allow people to connect to. In the Next-Hop section, change the type to VPN Tunnel and select the VPN tunnel that connects to the correct vNet. In my case it’s called Azure-USWest-Production.


We have several vNets in Azure (4 to be specific) and we want to be able to access all of them directly, so I had to repeat this for each one of them.

Now users that are VPNed in are able to access the VMs in Azure directly from their desktops and laptops without having to RDP to a VM in the CoLo.
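The address-object and per-vNet route steps above, as an added Python example (not from the original post or from ZyXEL): it computes the smallest single range that covers the internal and VPN-client subnets, counts how many addresses outside those subnets that range also lets into the Azure tunnel, flags any vNet whose range overlaps it, and lists the route fields for each remaining vNet. Every subnet and the second vNet name are constructed; only the tunnel names ClientVPN and Azure-USWest-Production come from the post.

```python
import ipaddress

# Constructed sample values; the post's real subnets are not shown on the page.
LOCAL_NETS = ["10.10.0.0/24",   # CoLo LAN (constructed)
              "10.10.8.0/24"]   # L2TP client pool (constructed)
VNETS = {"Azure-USWest-Production": "10.20.0.0/16",    # name from the post, range constructed
         "Example-Overlapping-vNet": "10.10.12.0/24"}  # hypothetical, shows the failure case


def covering_supernet(networks):
    """Smallest single CIDR block that contains every listed network."""
    nets = [ipaddress.ip_network(n) for n in networks]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()  # widen by one bit and retry
    return candidate


def plan(local_nets, vnets, client_tunnel="ClientVPN"):
    """Build the local-policy range and one policy route per usable vNet."""
    local_policy = covering_supernet(local_nets)
    needed = sum(n.num_addresses for n in ipaddress.collapse_addresses(
        ipaddress.ip_network(n) for n in local_nets))
    overlaps, routes = [], []
    for tunnel, cidr in vnets.items():
        dest = ipaddress.ip_network(cidr)
        if dest.overlaps(local_policy):
            # Overlapping ranges make the tunnel selectors ambiguous: no route.
            overlaps.append(tunnel)
            continue
        routes.append({"incoming": "Tunnel", "member": client_tunnel,
                       "source": "any", "destination": str(dest),
                       "next_hop_type": "VPN Tunnel", "next_hop": tunnel})
    return {"local_policy": str(local_policy),
            "extra_addresses": local_policy.num_addresses - needed,
            "overlaps": overlaps, "routes": routes}


if __name__ == "__main__":
    result = plan(LOCAL_NETS, VNETS)
    print("local policy:", result["local_policy"],
          "(+%d addresses beyond the listed subnets)" % result["extra_addresses"])
    print("overlapping vNets:", result["overlaps"])
    for route in result["routes"]:
        print(route)
```

A large `extra_addresses` value means the single wide object admits far more of the internal address space to the Azure tunnel than the listed subnets need, which is the trade-off of using one broad range as the local policy.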


The post ZyXEL with client VPN and Azure Site to Site VPN Configuration appeared first on SQL Server with Mr. Denny.
