none
Accessing remote subnet from local subnet RRS feed

  • Question

  • Hi,

    We have an onprem Palo Alto router (subnet 10.5.1.0/24)

    We have an Azure network (subnet 10.6.1.0/24)

    We have site-to-site VPN from the Palo Alto to Azure

    We also have a site-to-site VPN from Azure to 3rd party (subnet 10.7.1.0/24)

    Now, from my local subnet (10.5.1.0/24) I can ping a VM in azure (10.6.1.0/24)

    I can ping from Azure the 3rd party (10.7.1.0/24)

    BUT I can't ping 10.7.1.0/24 from local 10.5.1.0/24

    The Palo Alto is set to route these addresses though the VPN tunnel, but then it doesn't reach it's destination or come back to me.

    Any ideas how to fix this?

    Thanks

    Kay

    Tuesday, April 2, 2019 5:02 PM

All replies

  • Hi Kay, 

    You have the following scenario:

    On-prem(10.5.1.0/24)  ---> Azure (10.6.1.0/24)  --> 3rd party Site (10.7.1.0/24)

    In order to make transit work, you need following routes in Azure Local Network gateway. 

    You should have the routes in On_prem stating that if the destination 10.6.1.0/24 and 10.7.1.0/24 then pass it via Azure tunnel Interface. 

    In Azure you don't need to any specify any routing. Similarly, on the 3rd party site, they need to forward traffic to 10.5.1.0/24 via Azure tunnel. 

    Regards, 

    Msrini

    Tuesday, April 2, 2019 6:04 PM
    Moderator
  • Hi Msrini

    Thank you, very much appreciate the quick reply!

    I've tried the configuration as you've outlined it but with no success...

    Is there anything else I can try? How would I troubleshoot this?

    Thank you

    Kay

    Wednesday, April 3, 2019 2:08 PM
  • 

    This is on the 3rd party supplier subnet

    Wednesday, April 3, 2019 2:14 PM
  • Hi Kay, 

    Is the 3rd party site Azure?

    You don't need to configure anything on Azure VNET. The routes which I mentioned has to be configured on On-Premises. 

    Regards, 

    Msrini

    Wednesday, April 3, 2019 2:21 PM
    Moderator
  • Hi Msrini

    Yes exactly - On Prem (10.5.1.0) to our Azure (10.6.1.0) to their Azure (10.7.1.0)

    Thank you

    Kay

    Wednesday, April 3, 2019 3:02 PM