My goal is to connect from an external computer to both a Azure virtual network as well as a small on-premise network via an Azure VPN Gateway:
The Azure virtual network has the address range 10.1.0.0/16. The on-premise network has the address range 10.2.0.0/16.
So far, I have done the following:
So the topology looks like this:
VPN-client =p2s=> Azure =s2s=> On-premise
I can now dial in via VPN, but I can only ping addresses within the virtual network. On-premise addresses are not reachable.
I have also added the line
ADD 10.2.0.0 MASK 255.255.0.0 default METRIC default IF default
to the routes.txt file on the VPN client, but it's still not working.
This is not possible to achieve this.
Why
First, Azure VNet is a logic isolation and segmentation. Each virtual network is isolated from other virtual network.
When you try to connect the VNet Via P2S VPN, your client can communicate with resources in the VNet. But it cannot direct the traffic out of the VNet.
When you try to connect the VNet via S2S VPN, your site can communicate with the resources in the VNet.But it cannot direct the traffic out of the VNet.
Because they are using different Gateway and have different CIDR and Azure VNet cannot route the inbound traffic to one specify outbound gateway.
For Example
VNetA <peering or VPN gateway> VNetB <peering or VPN gateway> VNetC
But VNetA cannot communicate with VNetC
This is important for Azure VNet to reach isolation and segmentation.