On prem WG VPN tunnel to Azure NVA WG for On-Prem network extension?
We are working on extending our on-premises network to Azure and we seem to be having issues with the network and routing. I am used to creating a normal Azure S2S VPN and utilizing Azure for most of the routing. In this case our network engineers have set up a BOVPN from the on-prem WG FW to a Firebox NVA in our main VNET/subnet, and a connection to each Azure subnet within needs a new NVA NIC deployed and connected to their respective subnets. I understand the goal here is to have everything pass through the firewall, but this has been a nightmare for me building Azure solutions. Is there anyone who understands how to do this properly, or has a similar infrastructure and can point me in the right direction? Thanks Everyone
Comments
Hi @AzureEngineWM
In general, this involves:
- Adding the NIC in Azure. You may need to reboot the firewall to have the NIC show up in the firewall (as it will need to re-read the JSON file it gets that info from).
- Setting the new interface up on the Firebox Cloud.
- Making sure IP forwarding is enabled on the NIC in Azure's settings.
If you're running into any issues, I'd suggest opening a support case using the support center link on the top right of this page -- our support team can look into your specific issue and assist.
-James Carson
WatchGuard Customer Support
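
The Azure-side steps from the reply above, sketched with the Azure CLI as an added example (not part of the original thread and not WatchGuard's own procedure). The function names and all resource names passed in are placeholders; it assumes the new subnet is in the same VNet as the NVA, that the VM size allows another NIC, and it deallocates the VM because Azure only attaches a NIC to a stopped VM.

```shell
# Added example: attach an extra NIC to an NVA VM with IP forwarding enabled.
# Every resource name is a caller-supplied placeholder.

# add_nva_nic RG VM VNET SUBNET NIC
add_nva_nic() {
  if [ "$#" -ne 5 ]; then
    echo "usage: add_nva_nic RG VM VNET SUBNET NIC" >&2
    return 2
  fi

  # Create the NIC in the target subnet with IP forwarding already on,
  # so the NVA may pass traffic that is not addressed to its own IP.
  az network nic create --resource-group "$1" --name "$5" \
    --vnet-name "$3" --subnet "$4" --ip-forwarding true || return 1

  # A NIC can only be attached while the VM is stopped (deallocated).
  az vm deallocate --resource-group "$1" --name "$2" || return 1
  az vm nic add --resource-group "$1" --vm-name "$2" --nics "$5" || return 1
  az vm start --resource-group "$1" --name "$2" || return 1
}

# check_ip_forwarding RG NIC
# Succeeds only if Azure reports IP forwarding enabled on the NIC.
check_ip_forwarding() {
  _state="$(az network nic show --resource-group "$1" --name "$2" \
    --query enableIPForwarding --output tsv)" || return 1
  case "$_state" in
    true|True) return 0 ;;
    *) return 1 ;;
  esac
}

# Example invocation (placeholder names):
#   add_nva_nic rg-network firebox-nva vnet-main snet-app firebox-nic-app
#   check_ip_forwarding rg-network firebox-nic-app || echo "forwarding is OFF"
```

After the VM starts, the new interface still has to be configured on the Firebox itself, as the reply describes.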