We have implemented a HubToSpoke network in Azure and a VPN connection to our on-premise network like this one:
HubToSpoke Network implementation
The network looks like this:
On-premise   <-> vnet-hub      <-> vnet-spoke
10.88.0.0/16     10.222.0.0/16     10.221.0.0/16
From the on-premise network we can access a VM inside the HUB (and vice-versa). From the HUB we can access a VM inside the SPOKE (and vice-versa).
We cannot access a VM from the HUB to the on-premise network (and vice-versa).
How can we achieve this?
We have set up the peering between HUB and SPOKE following this article: Configure VPN gateway transit for virtual network peering
So peering from SpokeToHub has "Use remote gateways" enabled and HubToSpoke has "Allow gateway transit" enabled.
Do we need something more? A route table? If yes, how can I set this up?
Thanks for your help.
If you have downloaded VPN client packages before VNet peering and enabling gateway transit, I suggest re-downloading the VPN client on the local machine to make sure that routes to the gateway-connected virtual networks or on-premises networks propagate to the routing tables.
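The two checks discussed in this thread, as an added example that is not part of the original question or answer: that the gateway-transit flags are set on both peerings, and that the routes present on the connecting machine cover the hub and spoke prefixes. The dictionaries use the JSON field names returned by `az network vnet peering show`; the sample values and route lists are constructed, and the stale list assumes a client package generated before the peering existed.

```python
import ipaddress

# Prefixes from the question's diagram.
HUB = "10.222.0.0/16"
SPOKE = "10.221.0.0/16"


def peering_problems(hub_to_spoke, spoke_to_hub):
    """Return the gateway-transit settings that are wrong on either peering.

    Both arguments are dicts shaped like `az network vnet peering show` output.
    """
    problems = []
    for name, peering in (("HubToSpoke", hub_to_spoke), ("SpokeToHub", spoke_to_hub)):
        if peering.get("peeringState") != "Connected":
            problems.append(f"{name}: peeringState is not Connected")
    if not hub_to_spoke.get("allowGatewayTransit"):
        problems.append("HubToSpoke: allowGatewayTransit is not enabled")
    if not spoke_to_hub.get("useRemoteGateways"):
        problems.append("SpokeToHub: useRemoteGateways is not enabled")
    return problems


def uncovered(required, routes):
    """Return the required prefixes that no route in `routes` covers."""
    nets = [ipaddress.ip_network(r) for r in routes]
    return [p for p in required
            if not any(ipaddress.ip_network(p).subnet_of(n) for n in nets)]


# Constructed sample data, not taken from a real deployment.
hub_to_spoke = {"peeringState": "Connected", "allowGatewayTransit": True,
                "useRemoteGateways": False}
spoke_to_hub = {"peeringState": "Connected", "allowGatewayTransit": False,
                "useRemoteGateways": True}
# Assumption: a client package generated before the peering only knows the hub.
stale_client_routes = ["10.222.0.0/16"]
fresh_client_routes = ["10.222.0.0/16", "10.221.0.0/16"]

if __name__ == "__main__":
    print("peering problems:", peering_problems(hub_to_spoke, spoke_to_hub))
    print("missing (stale package):", uncovered([HUB, SPOKE], stale_client_routes))
    print("missing (fresh package):", uncovered([HUB, SPOKE], fresh_client_routes))
```
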