Tags: azure, azure-virtual-network, azure-vpn, vnet

Azure - Routing traffic through peered VNets


I've been playing around with Azure's VNet offerings and I can't seem to get a simple network topology working. I am using the Resource Manager model. It seems that Azure's capabilities for even the simplest setups are incredibly limited. The scenario that I want to model is one where I have one local network trying to communicate with Azure using a PolicyBased (IKEv1) VPN, and various clients that need to connect to the network independently (P2S). PolicyBased VNetGateways do not support P2S, so I need to have two gateways, which seems to be the root of the problem.

My setup then becomes this:

 _____                       _______             ______        
|LAN  |                     |VNet1  |           |VNet2 |       
|  M0 |--S2S (PolicyBased)--|       |--Peering--|  VM  |--P2S--(Client1)
|_____|                     |_______|           |______|

And what I need to accomplish is:

  1. Client1 must be able to communicate with VM
  2. VM must be able to communicate with M0

Issue 2 is the one that I can't get to work. A machine in VNet2 is able to communicate with a machine in VNet1, and a machine in VNet1 can see M0. However, VM cannot see M0. I can get it to work if I remove the VNet gateway in VNet2 required for P2S and have VNet1 act as a gateway for VNet2, but this obviously fails requirement 1.

Any suggestions? In the documentation for VNet peering they seem to hint that RouteTables (UDR) could be a solution. That is, routing requests from a subnet to a Network Virtual Appliance (NVA). However, I can't find any lightweight NVAs for simple routing, and I'm not sure if this would even work.


Solution

  • For now, Azure does not support your scenario.

    VNet peering is between two virtual networks, and there is no derived transitive relationship. So VNet1 and VNet2 can communicate over private IP, but VM cannot see M0. For more information about peering, please refer to this link. UDR also cannot achieve your scenario; maybe you could refer to this question.