Problem description:

Can anyone suggest the best approach?

I want a site-to-site VPN between my Azure subscription and my on-premise network (10.1.0.0/16).

I want to use the 10.20.0.0/16 subnet in Azure.

I want to use multiple resource groups, with some subnets within each resource group to route back to on-premise networks and the remaining subnets to route out via the internet, e.g. front-end hosts.

Hope this makes sense.

Answer from a user:

This has nothing to do with Resource Groups. RGs are used to organize Azure Resources and do not affect network configuration in any way.

What you need is called User Defined Routes and it's accomplished by defining these routes into Subnets or the entire VNet. So for example, suppose your appliance IP is 10.1.0.1:

First, create the route:

$route = New-AzureRmRouteConfig -Name RouteToBackEnd `
    -AddressPrefix 10.1.0.0/16 -NextHopType VirtualAppliance `
    -NextHopIpAddress 10.1.0.1

Add it to the route table:

$routeTable = New-AzureRmRouteTable -ResourceGroupName TestRG -Location westus `
    -Name UDR-BackEnd -Route $route

And finally, associate it with your Subnet:

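$vnet = Get-AzureRmVirtualNetwork -ResourceGroupName TestRG -Name TestVNet

Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name FrontEnd `
    -AddressPrefix 10.20.0.0/16 -RouteTable $routeTable

# Write the updated subnet configuration back to Azure; until this runs the change exists only in $vnet
Set-AzureRmVirtualNetwork -VirtualNetwork $vnet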

Reference:

Create User Defined Routes (UDR) in Resource Manager by using PowerShell
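
Added example, not part of the original answer: a simplified Python model of Azure next-hop selection (longest prefix match, with user-defined routes preferred over gateway-learned and then system routes on a tie) for checking where each subnet's traffic ends up. The prefixes and the 10.1.0.1 route come from the post; the system-route list, the gateway route, the deny table and the BackEnd subnet name are constructed assumptions.

```python
import ipaddress

# Tie-break when prefixes are equally specific: user-defined, gateway-learned, system.
PRIORITY = {"User": 0, "Gateway": 1, "System": 2}

VNET = "10.20.0.0/16"    # Azure address space from the question
ON_PREM = "10.1.0.0/16"  # on-premise network from the question

# Simplified system defaults (assumption: no peering, no service endpoints, IPv4 only).
SYSTEM_ROUTES = [
    ("System", VNET, "VnetLocal", None),
    ("System", "0.0.0.0/0", "Internet", None),
    ("System", "10.0.0.0/8", "None", None),  # unrouted private space is dropped
]

# The route from the answer (RouteToBackEnd in table UDR-BackEnd).
UDR_BACKEND = [("User", ON_PREM, "VirtualAppliance", "10.1.0.1")]

# Constructed: route a VPN gateway propagates to every subnet in the VNet.
GATEWAY_ROUTES = [("Gateway", ON_PREM, "VirtualNetworkGateway", None)]

# Constructed: table for internet-facing subnets that must not reach on-premise.
UDR_DENY_ONPREM = [("User", ON_PREM, "None", None)]


def effective_next_hop(dest_ip, route_table=(), gateway_routes=()):
    """Return the (source, prefix, next_hop_type, next_hop_ip) chosen for dest_ip."""
    dest = ipaddress.ip_address(dest_ip)
    candidates = [
        r for r in (*route_table, *gateway_routes, *SYSTEM_ROUTES)
        if dest in ipaddress.ip_network(r[1])
    ]
    # Longest prefix wins; source priority breaks ties.
    return min(
        candidates,
        key=lambda r: (-ipaddress.ip_network(r[1]).prefixlen, PRIORITY[r[0]]),
    )


def audit(subnet_tables, probes, gateway_routes=()):
    """Map each subnet name to {probe_ip: next_hop_type} for a quick review."""
    return {
        name: {ip: effective_next_hop(ip, table, gateway_routes)[2] for ip in probes}
        for name, table in subnet_tables.items()
    }
```
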
