
In a previous post, How Do You Customize Routing in Azure?, I explained why we might use user defined routing in Azure. In this post I will show you how to create a route table and routes, and associate that route table with virtual subnets.
I will start with a simple example based on a scenario that one of my customers faced recently. The customer was dealing with a site that had invested heavily in a software-based edge network solution that was not on Microsoft’s listed set of supported VPN devices. The customer wanted to deploy a site-to-site VPN connection, but didn’t want to purchase new edge firewalls. The solution was to deploy a virtual appliance in Azure that would act as the VPN gateway, instead of using a gateway on the virtual network.
If you use an Azure gateway for VPN connectivity, the local network setting will provide your subnets with a route to your on-premises network. However, when you deploy your own VPN solution in a virtual machine (that’s what a virtual appliance is) then there is nothing, by default, to tell Azure how to route subnet traffic to the on-premises network(s).
Overriding the default routing of Azure networking with third-party VPN [Image credit: Aidan Finn]
User defined routing will be used to fix the above problem. A route table will be created. A single route will be added:
When a packet is being sent from a virtual machine in the subnet to anywhere on 192.168.1.0/24, then the user defined rule will match and override the system route for routing the traffic to the Internet.
We will use the Azure Portal (https://portal.azure.com) to deploy this solution. A later post will show you the PowerShell alternative.
Open the Azure Portal, and click New > Networking > Route Table. Enter the required details for the new route table:
Click Create when you are ready.
Creating a new Azure route table [Image credit: Aidan Finn]
Open up routes and click Add. Enter the following information:
Adding a user defined route to an Azure route table [Image credit: Aidan Finn]
A completed Azure route table [Image credit: Aidan Finn]
$RgName = "DemoPetriAF1"
$VMName = "DemoPetriAFGW1"
$NicName = (Get-AzureRmVM -ResourceGroupName $RgName -Name $VMName).NetworkInterfaceIDs | ForEach-Object { $_.Split("/")[-1] } | Out-GridView -Title "Select a NIC to configure forwarding ..." -PassThru
Then you’ll get the configuration of that NIC using the following line:
$NicConfig = Get-AzureRmNetworkInterface -ResourceGroupName $RgName -Name $NicName
And finally you will enable IP forwarding:
$NicConfig.EnableIPForwarding = $true
$NicConfig | Set-AzureRmNetworkInterface
Be sure to repeat this for every virtual appliance NIC that will be used to route traffic on an Azure subnet. And now you can test your routing.
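A check to run once forwarding is enabled, as an added example that is not from the original post: it flags user defined routes whose virtual appliance next hop does not belong to a NIC with IP forwarding enabled. The function name, the sample object names and the 10.0.1.x addresses are assumptions constructed for illustration; 192.168.1.0/24 is the on-premises prefix used above.

```powershell
# Added example. Property names mirror the objects returned by
# Get-AzureRmRouteTable and Get-AzureRmNetworkInterface.
function Test-ApplianceRoute {
    param(
        [Parameter(Mandatory)] [object[]] $RouteTable,
        [Parameter(Mandatory)] [object[]] $NetworkInterface
    )
    # Map every private IP address to the NIC that owns it.
    $nicByIp = @{}
    foreach ($nic in $NetworkInterface) {
        foreach ($ipConfig in $nic.IpConfigurations) {
            if ($ipConfig.PrivateIpAddress) { $nicByIp[$ipConfig.PrivateIpAddress] = $nic }
        }
    }
    foreach ($table in $RouteTable) {
        foreach ($route in $table.Routes) {
            # Only routes that hand traffic to a virtual appliance depend on IP forwarding.
            if ($route.NextHopType -ne 'VirtualAppliance') { continue }
            $nic = $nicByIp[[string]$route.NextHopIpAddress]
            $status = 'OK'
            if (-not $nic) { $status = 'NoNicWithNextHopIp' }
            elseif (-not $nic.EnableIPForwarding) { $status = 'ForwardingDisabled' }
            [pscustomobject]@{
                RouteTable = $table.Name
                Route      = $route.Name
                Prefix     = $route.AddressPrefix
                NextHop    = $route.NextHopIpAddress
                Nic        = if ($nic) { $nic.Name } else { $null }
                Status     = $status
            }
        }
    }
}

# Constructed sample data: two appliance NICs, one with forwarding left disabled.
$nics = @(
    [pscustomobject]@{ Name = 'gw-nic-a'; EnableIPForwarding = $true
        IpConfigurations = @([pscustomobject]@{ PrivateIpAddress = '10.0.1.4' }) }
    [pscustomobject]@{ Name = 'gw-nic-b'; EnableIPForwarding = $false
        IpConfigurations = @([pscustomobject]@{ PrivateIpAddress = '10.0.1.5' }) }
)
$tables = @([pscustomobject]@{ Name = 'rt-demo'; Routes = @(
    [pscustomobject]@{ Name = 'ToOnPrem'; AddressPrefix = '192.168.1.0/24'
        NextHopType = 'VirtualAppliance'; NextHopIpAddress = '10.0.1.5' }) })

Test-ApplianceRoute -RouteTable $tables -NetworkInterface $nics | Format-Table
```

For live data, pass the output of Get-AzureRmRouteTable -ResourceGroupName $RgName and Get-AzureRmNetworkInterface -ResourceGroupName $RgName in place of the sample objects.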
Copyright ©2019 BWW Media Group