I have a Sonicwall NSA4650 set up with BGP Peers and tunnel interfaces to connect to Azure. The problem arises when both tunnels are active; my on-premises network has trouble connecting to the Azure environment. I'm using two ISPs and want both tunnels active for failover, but ideally, I want one ISP to handle all standard traffic and route Azure requests through the other connection. I've experimented with NAT and routing policies, and I've adjusted the BGP Peer IP for the second connection to have a longer AS, hoping to make it the preferred route from Azure. Any suggestions on how to make this work? (I'm using Azure GCCHigh)
2 Answers
You might want to look into using a cloud access broker like Megaport. It could help streamline your architecture and solve some of these routing headaches.
Have you thought about tracing the traffic? I faced something similar before, and it turned out to be an issue with asymmetric routing.
Could that really happen with dual ISPs? I would think if it started from one source it should return through the same path.

Unfortunately, that’s not feasible for us due to compliance requirements. We have to keep the data transmission specific.
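To make the asymmetric-routing suggestion concrete, here is an added toy model (not code from the thread or from SonicWall/Azure) of the BGP decision process on both ends of the two tunnels. It assumes constructed ASNs (65001 on-prem, 65515 Azure), LOCAL_PREF values, and tunnel names; it shows that AS-path prepending lengthens the path and so makes that tunnel *less* preferred by the far side, and flags the case where on-prem egress and the Azure return path disagree.

```python
# Simplified BGP best-path selection over two VPN tunnels to Azure.
# Constructed values: ONPREM_AS 65001, AZURE_AS 65515, tunnel1/tunnel2 names,
# and the LOCAL_PREF numbers below are all assumptions for this example.
from dataclasses import dataclass

@dataclass(frozen=True)
class Path:
    via: str          # tunnel (BGP peer) the prefix was learned over
    local_pref: int   # LOCAL_PREF set by the receiving router; higher wins
    as_path: tuple    # AS_PATH as received; shorter wins

def best_path(paths):
    """Highest LOCAL_PREF, then shortest AS_PATH, then lowest peer name
    as a deterministic stand-in for the remaining tie-breakers."""
    return min(paths, key=lambda p: (-p.local_pref, len(p.as_path), p.via))

def prepend(path, times):
    """Copy of `path` with its originating ASN prepended `times` extra times."""
    return Path(path.via, path.local_pref, (path.as_path[0],) * times + path.as_path)

def is_symmetric(onprem_paths, azure_paths):
    """True when both sides send the flow over the same tunnel."""
    return best_path(onprem_paths).via == best_path(azure_paths).via

def scenario(prepend_on=None):
    """Return (on-prem egress tunnel, Azure return tunnel, symmetric?).
    On-prem raises LOCAL_PREF on tunnel2 so Azure-bound traffic uses it;
    Azure sees equal LOCAL_PREF, so AS_PATH length decides the return path."""
    onprem = [Path("tunnel1", 100, (65515,)), Path("tunnel2", 200, (65515,))]
    azure = {"tunnel1": Path("tunnel1", 100, (65001,)),
             "tunnel2": Path("tunnel2", 100, (65001,))}
    if prepend_on in azure:
        azure[prepend_on] = prepend(azure[prepend_on], 2)   # lengthens that path
    out, back = best_path(onprem).via, best_path(list(azure.values())).via
    return out, back, is_symmetric(onprem, list(azure.values()))

if __name__ == "__main__":
    for choice in (None, "tunnel2", "tunnel1"):
        out, back, ok = scenario(choice)
        print(f"prepend on {choice}: on-prem -> {out}, Azure returns via {back}, "
              f"{'symmetric' if ok else 'ASYMMETRIC'}")
```

Prepending on the tunnel you want Azure to *use* pushes return traffic onto the other tunnel; prepending on the other peer is what lines the two directions up.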