
CSR in Azure - Inbound traffic from ExpressRoute + Encryption using GRE

Hi,

I have a question on the inbound route path when deploying CSR 1000V in Azure and using UDR (user defined routes) option for the subnets to route the outbound traffic to the 1000V and make intelligent path selection (possibly with a PBR and Encrypted GRE tunnel to the on-premise router).

Azure documentation states that inbound traffic from ExpressRoute is handled directly by the Azure Express Gateway, bypassing the Virtual Appliance.

https://azure.microsoft.com/en-gb/documentation/articles/virtual-networks-udr-overview/

"User defined routes are only applied to Azure VMs and cloud services. For instance, if you want to add a firewall virtual appliance between your on-premises network and Azure, you will have to create a user defined route for your Azure route tables that forward all traffic going to the on-premises address space to the virtual appliance. However, incoming traffic from the on-premises address space will flow through your VPN gateway or ExpressRoute circuit straight to the Azure environment, bypassing the virtual appliance."

Any help will be much appreciated.

1 REPLY

This is a persistent problem with all network appliances in that you cannot control inbound traffic to a VNET as you would expect; this is complicated more if you have ExpressRoute and multiple VNETs connected to the same circuit. You will need to apply a UDR on the actual gateway, which is currently not supported, but the product group have listened.

You may see this functionality at some point in Azure this year.
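
The asymmetry discussed in this thread, as an added illustration that is not part of either post: a simplified longest-prefix-match model in which the workload subnet carries a UDR toward the appliance while the gateway has only system routes, so the return path never reaches the CSR (and therefore never enters the encrypted GRE tunnel or any inspection on it). The prefixes, the appliance IP and the table names are constructed assumptions.

```python
import ipaddress

# Constructed sample topology (assumption): prefixes and appliance IP are illustrative.
ONPREM = "10.0.0.0/8"
VNET = "172.16.0.0/16"
CSR_IP = "172.16.0.4"  # hypothetical CSR 1000V interface address

# Simplified route tables per attachment point (hypothetical names).
ROUTE_TABLES = {
    "workload-subnet": [  # UDR applied: on-premises traffic is sent to the appliance
        (VNET, "VnetLocal", None),
        (ONPREM, "VirtualAppliance", CSR_IP),
    ],
    "gateway": [  # no UDR here (unsupported, per the reply): system routes only
        (VNET, "VnetLocal", None),
        (ONPREM, "VirtualNetworkGateway", None),
    ],
}

def next_hop(table_name, dst_ip):
    """Longest-prefix match over the named table; returns (hop_type, hop_ip)."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, hop_type, hop_ip in ROUTE_TABLES[table_name]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop_type, hop_ip)
    if best is None:
        raise LookupError(f"no route to {dst_ip} in {table_name}")
    return best[1], best[2]

def traverses_appliance(table_name, dst_ip):
    """True when the selected route hands the packet to the virtual appliance."""
    return next_hop(table_name, dst_ip)[0] == "VirtualAppliance"

def path_report(vm_ip, onprem_ip):
    """Compare the outbound (VM -> on-prem) and inbound (on-prem -> VM) hops."""
    outbound = traverses_appliance("workload-subnet", onprem_ip)
    inbound = traverses_appliance("gateway", vm_ip)
    return {"outbound_via_csr": outbound, "inbound_via_csr": inbound,
            "asymmetric": outbound != inbound}

if __name__ == "__main__":
    # Constructed addresses: one VM in the VNET, one host on-premises.
    print(path_report("172.16.1.10", "10.20.30.40"))
```

An `asymmetric` result means any control that depends on seeing both directions at the appliance (stateful filtering, tunnel encryption) covers only the outbound half of the flow.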