TLDR: How do I fail over a multi site VPN so both sites can access resources from Azure if a connection failed while keeping the connections separate when no failure occurs.
I’ve been racking my brain over this for days. How can I effectively failover a multi site VPN while keeping traffic logical?
I have two sites 172.16.x.x and 172.17.x.x and an Azure network 172.18.x.x.
I have them configured where as 172.16.x.x goes straight to Azure and 172.17.x.x goes straight to azure. That makes sense and is fine.
I was testing and failing one of the VPNs causes that sites network to become completely unreachable, So if .17 failed, Azure wouldn’t be able to talk to .17 resources and vice versa.
So I defined 172.17 and 172.16 on both local gateways and that doesn’t work either. Now all the traffic flows through one site as opposed to taking their separate VPN connections. There is also a weird issue where if I define both networks on both local gateways then I can ping .18 fine, but can’t use other protocols like RDP.