I recently received a subscription to Azure and set up a VM with a virtual network VPN to my on-prem. That all is working fine and dandy. I can contact all the resources on my LAN. My problem now is that I’m trying to route traffic from my Azure VM across my LAN to my DMZ. Everything I have tried thus far has been unsuccessful.
So the virtual network is set up as a site-to-site VPN that connects to my Sonicwall via a tunnel interface. Traffic to my Azure network is routed from my LAN network to VPN and proper access rules are in place. LAN to DMZ is wide open on the Sonicwall. DMZ to LAN is heavily restricted. I assume I need to just allow access from DMZ to LAN to pass traffic to the VPN but I can’t seem to get my access rules to work correctly.
Thanks in advance!

Posted by jeremybergener (https://community.spiceworks.com/u/jeremybergener), 2019-06-12T17:19:21.000Z. Upvotes: 4. Answers: 4.

Accepted answer:
OK, so the VPN works. Fantastic! Now you want that same VPN to allow access from Azure to your DMZ. Keep in mind that DMZs by default are already internet facing and segregated from your LAN by design. Does it make more sense to connect over the WAN connection?
In general, VPNs will connect to the resources you allow them to. So, if the DMZ is in the allowable list, Azure can connect. By default, your VPN will only connect to the local LAN. In Sonicwall, you would need to build an Address Group made up of address objects (the subnets you want to allow the Azure side to connect to). Then you add this to the network tab on your VPN connection.

Answered by jcLAMBERT (https://community.spiceworks.com/u/jcLAMBERT), 2019-06-12T17:45:25.000Z. Upvotes: 3. https://community.spiceworks.com/t/sonicwall-routing-traffic-to-dmz-from-vpn-and-back/716153/2
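The allowed-list behaviour described in the accepted answer above, as an added example that is not part of the original thread: a simplified Python model of which flows a site-to-site policy carries when the Address Group holds only the LAN versus the LAN plus the DMZ. The subnets, host addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample addressing (assumptions, not taken from the thread).
AZURE_VNET = ipaddress.ip_network("10.50.0.0/16")
LAN = ipaddress.ip_network("192.168.10.0/24")
DMZ = ipaddress.ip_network("172.16.20.0/24")


def vpn_carries(src, dst, local_group, remote_net):
    """Return True when a flow matches the tunnel's allowed networks.

    local_group models the Address Group of on-prem subnets attached to
    the VPN policy; remote_net is the Azure side. A flow is carried only
    if one end is in remote_net and the other is in some group member.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)

    def in_local(ip):
        return any(ip in net for net in local_group)

    return (src in remote_net and in_local(dst)) or (
        in_local(src) and dst in remote_net)


def audit(flows, local_group, remote_net):
    """Map each (src, dst) flow to 'tunnel' or 'not in allowed list'."""
    return {
        (s, d): "tunnel" if vpn_carries(s, d, local_group, remote_net)
        else "not in allowed list"
        for s, d in flows
    }


FLOWS = [
    ("10.50.1.4", "192.168.10.25"),   # Azure VM -> LAN host
    ("10.50.1.4", "172.16.20.10"),    # Azure VM -> DMZ host
    ("172.16.20.10", "10.50.1.4"),    # DMZ host -> Azure VM
]

if __name__ == "__main__":
    for label, group in (("LAN only", [LAN]), ("LAN + DMZ", [LAN, DMZ])):
        print(label)
        for (s, d), verdict in audit(FLOWS, group, AZURE_VNET).items():
            print("  %s -> %s: %s" % (s, d, verdict))
```

Matching the allowed list only decides whether the tunnel carries the flow; the firewall's zone access rules still apply to it, and every subnet added to the group widens what the remote side can reach.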
Dang, I can’t believe I didn’t even think about connecting it over the WAN instead… I will go that route instead. Thanks!

Posted by jeremybergener (https://community.spiceworks.com/u/jeremybergener), 2019-06-12T17:50:55.000Z. Upvotes: 0. https://community.spiceworks.com/t/sonicwall-routing-traffic-to-dmz-from-vpn-and-back/716153/3