I'm a Cisco network engineer stepping into a new role that involves managing an Azure environment, which I'm completely new to. I've tried deploying a firewall in our existing production virtual network (VNET) but ran into issues when I attempted to use a NAT gateway on the management interface. I've since created a separate VNET for this firewall. The management interface needs access to the internet and should also connect to the on-prem firewall manager. I placed a NAT gateway on the management interface for internet access and have peered the new VNET with the production VNET. I'm unclear on how to route traffic back to the on-prem device. In the routing table associated with the management interface, I'm assuming I should set the next hop as a Virtual Network. Since these are peered, does Azure automatically know to route to the production VNET? Once it reaches there, how does Azure determine which routing table to use to get the traffic to on-prem? I hope this explanation makes sense. Any guidance would be greatly appreciated!
2 Answers
Budget constraints can be tough! Since you already have a virtual network gateway linking your Production VNET to your on-prem Mako firewall via an IPSec tunnel, you're on the right track. For your peering options, ensure that you've checked the relevant settings; if you left forwarding to the virtual gateway unchecked, it may hinder communication. Look at confirming the routing table entries once traffic hits the Production VNET.
You might want to consider configuring a next-hop NVA (Network Virtual Appliance). Deploying a third-party NVA could help manage your routes more effectively. Can you share more about your peering setup? How was your on-prem connection established before your deployment?
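The question above comes down to two Azure settings: on the peering, the production (hub) VNet must allow gateway transit and the firewall (spoke) VNet must use remote gateways; on the management subnet's route table, any route for the on-prem prefix must point at the virtual network gateway, not at the VNet. This added example (not from the original post or either answer) checks both over constructed JSON in the shape of `az network vnet peering list` and `az network route-table show` output; the VNet names and the on-prem prefix 10.50.0.0/16 are assumptions.

```python
import json

# Constructed sample in the shape of `az network vnet peering list` output
# (hypothetical VNet/peering names; not taken from the original post).
HUB_PEERING = json.loads("""{
  "name": "prod-to-fwmgmt", "peeringState": "Connected",
  "allowForwardedTraffic": true, "allowGatewayTransit": false, "useRemoteGateways": false}""")
SPOKE_PEERING = json.loads("""{
  "name": "fwmgmt-to-prod", "peeringState": "Connected",
  "allowForwardedTraffic": true, "allowGatewayTransit": false, "useRemoteGateways": false}""")

# Constructed sample in the shape of `az network route-table show` output for the
# route table attached to the firewall management subnet.
MGMT_ROUTE_TABLE = json.loads("""{
  "disableBgpRoutePropagation": true,
  "routes": [{"name": "to-onprem", "addressPrefix": "10.50.0.0/16", "nextHopType": "VnetLocal"}]}""")

ONPREM_PREFIX = "10.50.0.0/16"  # assumed on-prem firewall-manager network


def check_peering(hub: dict, spoke: dict) -> list:
    """Gateway transit: the hub (production) side must allow it, the spoke side must use it."""
    problems = []
    for side, p in (("hub", hub), ("spoke", spoke)):
        if p.get("peeringState") != "Connected":
            problems.append(f"{side} peering {p['name']} is {p.get('peeringState')}, not Connected")
    if not hub.get("allowGatewayTransit"):
        problems.append(f"hub peering {hub['name']}: allowGatewayTransit must be true")
    if not spoke.get("useRemoteGateways"):
        problems.append(f"spoke peering {spoke['name']}: useRemoteGateways must be true")
    return problems


def check_route_table(rt: dict, onprem_prefix: str) -> list:
    """With transit in place the gateway's on-prem routes reach the spoke as system routes,
    so a UDR is only required when propagation is disabled; any UDR present for the on-prem
    prefix must use next hop VirtualNetworkGateway (VnetLocal would keep traffic in the VNet)."""
    problems = []
    routes = {r["addressPrefix"]: r for r in rt.get("routes", [])}
    r = routes.get(onprem_prefix)
    if rt.get("disableBgpRoutePropagation") and r is None:
        problems.append(f"gateway route propagation disabled and no UDR for {onprem_prefix}")
    if r is not None and r["nextHopType"] != "VirtualNetworkGateway":
        problems.append(f"route {r['name']}: nextHopType {r['nextHopType']} should be VirtualNetworkGateway")
    return problems


if __name__ == "__main__":
    for line in check_peering(HUB_PEERING, SPOKE_PEERING) + check_route_table(MGMT_ROUTE_TABLE, ONPREM_PREFIX):
        print("FIX:", line)
```

Run against real output by replacing the constructed JSON with `az network vnet peering show` and `az network route-table show` results for each side.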
