I currently have 1 vnet (vnet1) with a policy-based S2S VPN gateway. This tunnel is connected to vSphere, where a DC and file server are located. I need to create another VPN gateway within this vnet to connect to an on-premises firewall (WatchGuard). This will be using a route-based gateway.
I understand you cannot connect 2 VPN gateways per vnet, so what are my options here? Can I create a new vnet and peer it to vnet1, then create a VPN gateway inside that vnet? Will the devices behind the WatchGuard firewall be able to access the VMs in vnet1?
Please help!!
If you peer the two vnets, VMs in each would not be able to use the gateway in the remote vnet without implementing UDRs and an NVA in each vnet.
VMs in a vnet will use their local gateway; they cannot use the remote gateway in this topology. You can use a local or a remote gateway, but not both.
So VMs in the vnet with the VMware VPN will need a UDR configured to point traffic, destined for the Watchguard, to an NVA in the remote vnet. That NVA will have routes from the local gateway to reach the Watchguard over the VPN. The GatewaySubnet will need a UDR too to direct traffic from the VPN to the NVA, otherwise you’ll get asymmetric routing.
The return traffic would hit the NVA and be routed over the peer to the remote vnet.
The same setup would be required in the Watchguard VPN vnet to allow VMs there to use the VMware VPN.
So, substantially more infrastructure and configuration is required.
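The topology in the answer above, as an added example that is not part of the thread: a small longest-prefix-match route resolver over constructed Azure-style route tables (the addressing, the NVA at 10.2.1.4 and the WatchGuard LAN 192.168.50.0/24 are assumptions) that traces the forward and return paths and flags the asymmetric case when the GatewaySubnet UDR is left out.

```python
from ipaddress import ip_address, ip_network

# Constructed lab addressing (assumption, not from the thread):
#   vnet1 10.1.0.0/16: workload subnet 10.1.1.0/24 with the VMs (VMware VPN lives here)
#   vnet2 10.2.0.0/16: NVA in 10.2.1.0/24, GatewaySubnet 10.2.255.0/24, WatchGuard VPN
#   WatchGuard LAN reached over the route-based tunnel: 192.168.50.0/24
# A VirtualAppliance route in Azure also carries the NVA's IP as next-hop address
# and the NVA NIC needs IP forwarding enabled; both are omitted from this model.

def system_routes(vnet):
    """Azure system routes: own address space VNetLocal, peered space VNetPeering."""
    own, peer = ("10.1.0.0/16", "10.2.0.0/16") if vnet == 1 else ("10.2.0.0/16", "10.1.0.0/16")
    return [(own, "VNetLocal"), (peer, "VNetPeering")]

def route_tables(gateway_udr=True):
    """Per-subnet (prefix, next-hop type) tables; UDRs are appended after system routes."""
    gw_learned = [("192.168.50.0/24", "VirtualNetworkGateway")]  # propagated by vnet2's gateway
    t = {
        # UDR in vnet1: WatchGuard-bound traffic goes to the NVA in the remote vnet
        "vnet1-workload": system_routes(1) + [("192.168.50.0/24", "VirtualAppliance")],
        "vnet2-nva": system_routes(2) + gw_learned,
        "vnet2-gateway": system_routes(2) + gw_learned,
    }
    if gateway_udr:  # UDR on GatewaySubnet: tunnel traffic for the VMs passes the NVA first
        t["vnet2-gateway"].append(("10.1.1.0/24", "VirtualAppliance"))
    return t

def lookup(table, dst):
    """Longest-prefix match; on a tie the later (UDR) entry wins, as in Azure."""
    ip = ip_address(dst)
    best = max((ip_network(p) for p, _ in table if ip in ip_network(p)),
               key=lambda n: n.prefixlen, default=None)
    if best is None:
        return None
    return next(h for p, h in reversed(table) if ip_network(p) == best)

def trace(subnet, dst, tables):
    """Follow a packet hop by hop and return the next-hop types it takes."""
    hops = []
    for _ in range(4):  # loop guard
        hop = lookup(tables[subnet], dst)
        hops.append(hop)
        if hop != "VirtualAppliance":
            return hops
        subnet = "vnet2-nva"  # the NVA forwards using its own subnet's table
    return hops

def symmetric(tables, vm="10.1.1.10", onprem="192.168.50.20"):
    """True only if both directions traverse the NVA (no asymmetric routing)."""
    fwd = trace("vnet1-workload", onprem, tables)
    ret = trace("vnet2-gateway", vm, tables)
    return "VirtualAppliance" in fwd and "VirtualAppliance" in ret
```

With `gateway_udr=False` the return path from the tunnel goes straight over the peering and never sees the NVA, which is the asymmetry the answer warns about.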
The vSphere and WatchGuard are not on the same network?
Create 2 LNGs in the same VPN GW, each pointing to the respective public IP of vSphere and the WatchGuard.