Multi site hybrid VPN solution - is it possible?
Here is a scenario I considering to support:
Multiple organizations, each one has its own local network (I can't change their addresses, need to deal with what they have)
I want to have single Azure VM, which will run "agent". This "agent" need to be able to connect on demand to any of customer's machines as administrator, and perform various operations (such as creating users). Also it must be able to reach organization's AD
All organizations need to be connected to the same Azure VM (to the same "agent")
Organizations should be isolated one from other (e.g. no connections between local networks)
Does such scenario supported by Azure?
According to your scenario, you could create Multi Site-to-Site VPN. You create more than one VPN connection from your virtual network gateway, typically connecting to multiple on-premises sites. When working with multiple connections, you must use a RouteBased VPN type (known as a dynamic gateway when working with classic VNets). Because each virtual network can only have one VPN gateway, all connections through the gateway share the available bandwidth. This is often called a "multi-site" connection.
More information about how to configure multi site-to-site VPN please refer to this link.
However, there are a few points that need to be explained.
Multiple organizations, each one has its own local network (I can't change their addresses, need to deal with what they have)
None of the address ranges overlap for any of the VNets that this VNet is connecting to. If the IP address ranges overlap, it is not possible do it.More information please refer to this FAQ.
All organizations need to be connected to the same Azure VM (to the same "agent")
You could create a VM in the Vnet and you could access to all your organizations, you don't need a "agent".
Organizations should be isolated one from other (e.g. no connections between local networks)
Azure supports this, when you build VPN connections, organizations is isolated one from other by default.
- Deploy filtered metrics on Azure dashboard with Bicep
- IAsyncEnumerable JSON streaming is not streaming on azure web app running on IIS
- node-fetch azure document translator
- Need help getting Azure AD B2C SSO with Azure AD
- Unable to get all users from Microsoft Graph using Python SDK
- You need to ensure that WebApp1 uses the ASP.NET v4.7 runtime stack
- MS Graph API - How to query additional pages
- how to hash users into random values in azure databricks
- How can I manage Azure SQL user/login/credentials
- How to connect secrets value stored in Azure key vault to Azure app service env variables directly
- AVD Insights Host Performance Blade Empty after vhange to new Azure Monitoring Agent
- How to get a list of users from azure graph API
- Azure App Service Flask Deployment Error: "Failed to Respond to HTTP Pings on Port 8000; Site Start Failed. Check Container Logs for Debugging."
- Azure Function App - No continuous deployment setting for "Flex Consumption" hosting plan?
- Az-GetRoleAssigments Not returning Data for DisplayName, SignInName & Object Type - Azure Powershell Runbook
- Can you publish a new standalone Angular project (esproj) directly from VS2022 to Azure?
- Cors configuration
- Publish error: Found multiple publish output files with the same relative path
- remove event subscriptions from system topics
- Is it possible to use .env in a React Web project?
- Sign in to Azure Account from VS Code
- How to copy blobs from azure to aws using python?
- AKV10032: Invalid issuer error when connecting to Azure Key Vault from App Service
- how to mask hash users into random values [email protected] in azure databricks
- Can we use PostgREST API with Azure
- Bicep adding DNS Records saying already exists when it doesn't
- Issue in sending personal message in MS Teams with Graph API
- import files to databricks workspace
- Create an Api connection to log analytics workspace via bicep
- az funcapp publish .net8 Isolated breaking Azure configuration runtime settings on Sync