Hey folks, I've run into a bit of a problem while upgrading some of our public IPs to standard. One of these IPs is tied to the gateway for our IPsec tunnel connecting our on-premises network to Azure. I can't temporarily disassociate it to upgrade, so I ended up creating a new gateway with a new public IP. The problem is, I had to set up a new virtual network because the existing one was already linked to the old gateway, but now that it's set up, I can't access any resources in Azure when I direct traffic through the new tunnel. I've even tried creating an 'allow any from any' firewall rule in the NSG linked to one of the VMs, but I'm still hitting a wall. It seems like I might need the new gateway to be in the same virtual network as the resources, but removing the old gateway and creating a new one will cause downtime and leave me without a backup connection. Am I missing something here, or is there a better approach before I take the plunge? Thanks!
1 Answer
You're correct that the gateway needs to be in the same virtual network for everything to work seamlessly. Right now, you’ve set up your new gateway in a network that has no resources, so it can't route traffic to them effectively. Sticking to the same virtual network is crucial. To avoid downtime when creating a new gateway, consider setting up VNet peering between your existing network and the new one. This way, you can transition more smoothly when you decide to remove the old gateway without losing access.
That makes sense! I’ll explore VNet peering for now. That should make it easier when I finally remove the original gateway.
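An added example of the peering approach the answer suggests, written here as an Azure CLI script rather than taken from the thread. Two details matter for the transition and are easy to miss: the peering from the new gateway's VNet must be created with gateway transit enabled, and the original VNet cannot be told to use the remote gateway until its own gateway has been deleted (Azure rejects `useRemoteGateways` on a VNet that still has a gateway). The script therefore creates both peerings up front, leaves the gateway switch as a separate step to run right after the old gateway is removed, and defaults to a dry run that only prints the `az` commands. The resource group and VNet names are assumptions. Two caveats outside the script: the on-premises VPN device must have the original VNet's address space in its tunnel configuration for the new tunnel, and the "allow any from any" NSG rule created while troubleshooting should be removed once the tunnel is working.

```shell
#!/usr/bin/env bash
# Added example, not code from the original thread. Peers the original VNet
# (holding the VMs) with the new VNet (holding the new VPN gateway) using
# gateway transit. Names below are assumptions for illustration.
set -euo pipefail

RG="${RG:-rg-network}"                 # assumed resource group for both VNets
HUB_VNET="${HUB_VNET:-vnet-newgw}"     # assumed new VNet that holds the new VPN gateway
SPOKE_VNET="${SPOKE_VNET:-vnet-prod}"  # assumed original VNet that holds the VMs
DRY_RUN="${DRY_RUN:-1}"                # 1 = print the az commands, 0 = execute them

# run: print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Hub side: let the peered (original) VNet send traffic through this VNet's gateway.
peer_hub_to_spoke() {
  run az network vnet peering create \
    --resource-group "$RG" \
    --name hub-to-spoke \
    --vnet-name "$HUB_VNET" \
    --remote-vnet "$SPOKE_VNET" \
    --allow-vnet-access \
    --allow-forwarded-traffic \
    --allow-gateway-transit
}

# Spoke side: create the peering now, but WITHOUT --use-remote-gateways.
# That flag is refused while the spoke still has its own (old) VPN gateway.
peer_spoke_to_hub() {
  run az network vnet peering create \
    --resource-group "$RG" \
    --name spoke-to-hub \
    --vnet-name "$SPOKE_VNET" \
    --remote-vnet "$HUB_VNET" \
    --allow-vnet-access \
    --allow-forwarded-traffic
}

# After the old gateway in the spoke has been deleted, flip the spoke peering
# to use the hub's gateway. This is the step that moves traffic to the new tunnel.
enable_remote_gateway() {
  run az network vnet peering update \
    --resource-group "$RG" \
    --vnet-name "$SPOKE_VNET" \
    --name spoke-to-hub \
    --set useRemoteGateways=true
}

# Both peering objects must report "Connected" before the gateway switch is attempted.
check_peering() {
  run az network vnet peering show \
    --resource-group "$RG" \
    --vnet-name "$SPOKE_VNET" \
    --name spoke-to-hub \
    --query peeringState -o tsv
}

# Running the file directly performs the preparation steps (dry run by default).
if [ "${BASH_SOURCE[0]}" = "$0" ]; then
  peer_hub_to_spoke
  peer_spoke_to_hub
  check_peering
fi
```

Run it once with the default `DRY_RUN=1` to review the commands, then with `DRY_RUN=0` to create the peerings while the old gateway is still serving traffic. Only after `check_peering` returns `Connected` and the old gateway has been deleted should `enable_remote_gateway` be called; until then the original VNet keeps using its own gateway, which is what keeps the existing tunnel up during the change.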