Azure Cross-region VNet connectivity with on-premises access


I have one VNet (VNet1) in region 1 which is connected to on-premises using a S2S VPN. I have peered it with a second VNet (VNet2) in the same region following the hub-spoke network pattern. VNet2 is configured to use VNet1's gateway transit for on-premises connectivity.

Now I have a third VNet (VNet3) in region 3 which is also a spoke for VNet1. Since this is in a different region I used a VNet-to-VNet VPN (global VNet peering doesn't support a transitive gateway). I reused the existing VPN gateway that was used for the S2S connection on VNet1 for the VNet1-VNet3 connectivity.

The question is how do I support the gateway transit feature from VNet3 -> VNet1 to achieve on-premises connectivity? To test it out I have set up a UDR to route all traffic from VNet3 to the VPN gateway. This should bring the traffic to VNet1, but it doesn't allow me to reach on-premises. Shouldn't VNet1's routes know that the traffic is for on-premises and route it accordingly? Do I need some kind of NVA in VNet1?

Any help would be appreciated.



If you want to create multiple VPNs between the VNets, you should first pay attention to the limitations. See the limitations for multiple VPNs. You can also follow the steps to create the multiple VPNs.


VNet-to-VNet will not work by itself the way you intend, because when you create a V2V connection the routes between only the two VNets are created, and they are not visible, so you cannot edit them to add the route to on-prem as well. That's why you were not able to connect directly from on-prem to the second VNet. You can try to activate BGP on each connection, S2S and V2V; this will take care of the routes.

If enabling BGP is not an option, then instead of using V2V between the two VNets, also use S2S; check this article here, second scenario, the last part.
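To see why the static V2V routes described in the second answer leave on-prem and VNet3 unable to reach each other while BGP fixes it, here is a small route-propagation model of the question's hub-and-spoke topology. It is an added example, not part of the original thread or of Azure's own route programming; the address spaces and node names are constructed placeholders.

```python
import ipaddress
from typing import Optional

# Constructed address spaces standing in for the VNets in the question.
PREFIX = {
    "vnet1": "10.1.0.0/16",      # hub, region 1, owns the VPN gateway
    "vnet2": "10.2.0.0/16",      # spoke, same region, reaches on-prem via gateway transit
    "vnet3": "10.3.0.0/16",      # spoke, region 3, VNet-to-VNet VPN to vnet1
    "onprem": "192.168.0.0/16",  # on-premises network behind the S2S tunnel
}

def build_routes(bgp: bool) -> dict:
    """Route table per forwarding node: {prefix: next_hop}; next_hop None = local.
    Static mode: each tunnel carries only the prefixes configured on that one
    connection (V2V: vnet1<->vnet3, S2S: vnet1<->onprem, with vnet2 assumed to
    have been added to the on-prem device by hand), so vnet3 and onprem never
    learn about each other. BGP mode: the hub gateway re-advertises every
    prefix it knows over every tunnel."""
    routes = {
        "vnet3-gw": {PREFIX["vnet3"]: None, PREFIX["vnet1"]: "vnet1-gw"},
        "vnet1-gw": {PREFIX["vnet1"]: None, PREFIX["vnet2"]: None,
                     PREFIX["vnet3"]: "vnet3-gw", PREFIX["onprem"]: "onprem"},
        "onprem": {PREFIX["onprem"]: None, PREFIX["vnet1"]: "vnet1-gw",
                   PREFIX["vnet2"]: "vnet1-gw"},
    }
    if bgp:
        for node in ("vnet3-gw", "onprem"):
            for prefix in routes["vnet1-gw"]:
                routes[node].setdefault(prefix, "vnet1-gw")
    return routes

def lookup(table: dict, dst: str):
    """Longest-prefix match; returns (network, next_hop) or None when no route exists."""
    ip, best = ipaddress.ip_address(dst), None
    for prefix, hop in table.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best

def trace(routes: dict, src: str, dst: str, max_hops: int = 8) -> Optional[list]:
    """Follow next hops from src toward dst; None means the packet was dropped."""
    node, path = src, [src]
    for _ in range(max_hops):
        hit = lookup(routes[node], dst)
        if hit is None:
            return None      # no route: nothing tells the gateway which tunnel to use
        if hit[1] is None:
            return path      # delivered to a locally attached prefix
        node = hit[1]
        path.append(node)
    return None

def reachability(bgp: bool) -> tuple:
    """(vnet3 -> onprem works, onprem -> vnet3 works) for the given routing mode."""
    routes = build_routes(bgp)
    return (trace(routes, "vnet3-gw", "192.168.10.5") is not None,
            trace(routes, "onprem", "10.3.1.10") is not None)

if __name__ == "__main__":
    for mode in (False, True):
        print(f"bgp={mode}: (vnet3->onprem, onprem->vnet3) = {reachability(mode)}")
```

With static routes both directions are dropped for lack of a matching prefix; with BGP the hub gateway's advertisements give vnet3-gw and the on-prem device the routes they were missing.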