0

I've got a Policy-Based VNET that is connected to a Cisco ASA - there is no way to make it Route-Based.

I need all of my app deployments (Azure Web App, Azure Cloud Services) to be connectable only from the subnet that lives after the Cisco gateway - there is no connection to the internet in this LAN.

There is no way to deploy Cloud Services to a VNET that is policy-based (it gives me an error that this subnet doesn't exist), and there is also no way to bind an Azure Web App to this VNET - it says that it requires a RouteBased VNET.

Is it possible to create a RouteBased VNET and make a connection between the PolicyBased VNET and the RouteBased VNET on the Azure side, so that the LAN could access internal IPs from the RouteBased VNET?

zobber

2 Answers

2

It's supported now for on-prem VPN devices (not for VNet-to-VNet). See https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-connect-multiple-policybased-rm-ps

Sanjay
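
What the linked article covers, sketched as an added example (not part of the answer above and not Microsoft's own sample): a connection from an existing route-based gateway to the on-prem policy-based device with policy-based traffic selectors enabled. It uses Az PowerShell cmdlets; every resource name, the pre-shared key and the chosen algorithms are placeholder assumptions, and the algorithms must match what the ASA is configured to offer.

```powershell
# Added example. All names in angle brackets are hypothetical placeholders.
$rg       = "<resource-group>"
$location = "<azure-region>"
$gwName   = "<route-based-vnet-gateway>"        # VpnType RouteBased
$lngName  = "<local-network-gateway-for-asa>"   # describes the on-prem side
$connName = "<connection-name>"

# Look up the existing route-based gateway and the local network gateway
# that holds the ASA's public IP and the on-prem address prefixes.
$vnetGw = Get-AzVirtualNetworkGateway -Name $gwName  -ResourceGroupName $rg
$lng    = Get-AzLocalNetworkGateway   -Name $lngName -ResourceGroupName $rg

# Policy-based traffic selectors are enabled together with an explicit
# IPsec/IKE policy. The algorithm values below are sample choices
# (assumption) and have to match the proposal configured on the ASA.
$ipsecPolicy = New-AzIpsecPolicy `
    -IkeEncryption AES256 -IkeIntegrity SHA256 -DhGroup DHGroup14 `
    -IpsecEncryption AES256 -IpsecIntegrity SHA256 -PfsGroup PFS2048 `
    -SALifeTimeSeconds 14400 -SADataSizeKilobytes 102400000

# Create the site-to-site connection with the selectors switched on.
New-AzVirtualNetworkGatewayConnection `
    -Name $connName -ResourceGroupName $rg -Location $location `
    -VirtualNetworkGateway1 $vnetGw -LocalNetworkGateway2 $lng `
    -ConnectionType IPsec `
    -IpsecPolicies $ipsecPolicy `
    -UsePolicyBasedTrafficSelectors $true `
    -SharedKey "<pre-shared-key>"

# Read the connection back and confirm both settings took effect.
$conn = Get-AzVirtualNetworkGatewayConnection -Name $connName -ResourceGroupName $rg
$conn.UsePolicyBasedTrafficSelectors
$conn.IpsecPolicies
```
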
0

Based on my knowledge, Azure does not support making a connection between a Policy Based Gateway and a Route Based Gateway.

Firstly, a PolicyBased VPN can only support one Site-to-Site VPN tunnel. But according to your description, you need two Site-to-Site VPN tunnels.

Secondly, you could refer to this official documentation.

Can I connect a VNet with a RouteBased VPN Type to another VNet with a PolicyBased VPN type?

No, both virtual networks MUST be using route-based (dynamic routing) VPNs.

Shui shengbao
  • Great, thanks for the answer. Then any ideas on how to deploy a Cloud Service to a Policy-Based VNET? – zobber Jan 24 '17 at 09:27
  • Could you deploy your web app to a virtual network? I think you could create a Policy Based gateway on the virtual network. Maybe you could refer to this [link](https://docs.microsoft.com/en-us/azure/app-service-web/web-sites-integrate-with-vnet) – Shui shengbao Jan 24 '17 at 10:12
  • It's possible to do that by specifying VNET & subnet names, but it's unable to find that VNET if it's policy based. – zobber Jan 24 '17 at 10:59