It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda NextGen Firewall X

Why can't I access servers deployed in Azure through a site-to-site VPN between a remote location and an NG Azure?

  • Type: Knowledgebase
  • Date changed: 3 years ago
Solution #00007044 


Barracuda NG Firewall Azure


By default, servers deployed in Azure will not use the NG Azure as their primary gateway, and at the time of this writing, it isn't possible to change the routing of VMs deployed in Azure (see

Therefore, when a remote computer initiates a connection across the site-to-site VPN to a server in Azure, the traffic must be SNATted with the NG Azure's own IP address. This can be accomplished by setting the Connection Method to Dynamic SNAT in the forwarding rule governing the site-to-site traffic, which will ensure that the server routes the return traffic back to the NG instead of its default gateway.

However, if a VM deployed in Azure initiates a connection to a remote client across the site-to-site VPN, that traffic will not be routed through the NG by default. A client-to-site VPN will need to be established on the VM, and the network of the remote client will have to specified in the VPN configuration of the network routes. The client VPN network will also have be set as a local network in the configuration of the site-to-site tunnel on the NG Azure and as a remote network on the remote VPN endpoint. Finally, forwarding rules will have to be created or modified on each side to allow the traffic through.

Link To This Page: