Hi
We want to establish a hub and spoke configuration for vNETs in Azure and place our Sophos XG virtual appliance in the Hub vNET. The Hub vNET will then be the default gateway for internet access and a S2S IPSEC to an on-premises Cisco ASA. All "spoke" vNETs will gateway via the HUB. Currently this is set up and working with an Azure virtual network gateway to connect to on-premises via IPSEC VPN.
If we replace the virtual network gateway service with a Sophos XG VA, what I can't seem to find is how to route traffic back to the peered vNETs behind the Hub vNET on the XG. Do I need a "route inside" that returns the traffic to the peered vNETs? If I do, then what IP would I send the route inside to, as there is no "core router"?
10.100.0.0/16 Production vNET
Subnet 10.100.1.0/24 - frontend subnet with virtual machines attached
Peered to HUB vNet using remote gateway
10.250.0.0/16 HUB vNet
10.250.1.0/24 - frontend subnet
Peered to Production vNET allowing gateway transit
The plan is to replace the current virtual network gateway with an XG v18 appliance.
XG VA set as 10.250.1.1
Routing table configured in the HUB vNet for 0.0.0.0 via 10.250.1.1 for outbound internet access
This should work OK for all devices in the HUB vNET
How does the XG know how to route traffic back to 10.100.0.0/16?
Any help much appreciated.
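A route-lookup model of the layout described above, added here as an illustration and not taken from the thread: it applies longest-prefix matching to the hub and spoke route tables given in the post and to an assumed XG routing table that holds only its connected subnet and a default route, then lists the spoke prefixes for which the XG has no specific return route.

```python
"""Longest-prefix-match model of the hub-and-spoke routing in the post.
The XG table below is an assumption about a freshly deployed appliance."""
import ipaddress

# Constructed route tables: (prefix, next_hop). "local" = directly attached,
# "vnet-peering" = Azure's system route for a peered address space.
ROUTE_TABLES = {
    # UDR on the HUB frontend subnet, as described in the post
    "hub-udr": [
        ("10.250.0.0/16", "local"),
        ("10.100.0.0/16", "vnet-peering"),
        ("0.0.0.0/0", "10.250.1.1"),
    ],
    # Production spoke, default route pointing at the XG in the hub
    "prod-udr": [
        ("10.100.0.0/16", "local"),
        ("10.250.0.0/16", "vnet-peering"),
        ("0.0.0.0/0", "10.250.1.1"),
    ],
    # Assumed XG routing table: connected subnet plus default only
    "xg": [
        ("10.250.1.0/24", "local"),
        ("0.0.0.0/0", "internet"),
    ],
}


def next_hop(table, dst):
    """Return the next hop for dst; the most specific matching prefix wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in ROUTE_TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def spokes_missing_route(table, spokes):
    """List spoke prefixes not covered by any non-default route in table.
    Return traffic to these would follow the default route instead."""
    missing = []
    for s in spokes:
        spoke = ipaddress.ip_network(s)
        covered = any(spoke.subnet_of(ipaddress.ip_network(p))
                      for p, _ in ROUTE_TABLES[table]
                      if ipaddress.ip_network(p).prefixlen > 0)
        if not covered:
            missing.append(s)
    return missing
```

Running `spokes_missing_route("xg", ["10.100.0.0/16"])` shows the gap the post asks about: with only its connected subnet and a default route, the XG sends replies for 10.100.0.0/16 to its default next hop.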