VPN 网关对等
VPN Gateway peering
我知道虚拟网络对等是一回事,但 VPN 网关对等是一回事吗?如果是,那么如果一个 VPN 网关(A)与 AD AuthN(OpenVPN SSL 隧道类型)和一个 VPN 网关(B ) 使用 Azure 基于证书的 authN 使用 SSTP(SSL) 隧道类型,A 和 B 可以对等。
基于以上问题:
- 我们是否必须在 A 和 B 之间进行 S2S 对等设置,并为每个人手动路由以访问从 A 到 B 的任何资源,反之亦然?
- 此设置的局限性和优点(如果有)是什么?
- 它会被称为混合解决方案吗?
如果您在 Azure 中有两个 VPN 网关,您可以配置 VNet 到 VNet 连接以将 Azure VNet 相互连接。您不需要手动路由。 VNet 到 VNet 支持连接虚拟网络。将多个 Azure 虚拟网络连接在一起不需要 VPN 设备,除非需要跨界连接。
When you connect a virtual network to another virtual network with a
VNet-to-VNet connection type (VNet2VNet), it's similar to creating a
Site-to-Site IPsec connection to an on-premises location. Both
connection types use a VPN gateway to provide a secure tunnel with
IPsec/IKE and function the same way when communicating. However, they
differ in the way the local network gateway is configured.
When you create a VNet-to-VNet connection, the local network gateway
address space is automatically created and populated. If you update
the address space for one VNet, the other VNet automatically routes to
the updated address space. It's typically faster and easier to create
a VNet-to-VNet connection than a Site-to-Site connection.
您可以阅读 the document 了解更多详情。
我知道虚拟网络对等是一回事,但 VPN 网关对等是一回事吗?如果是,那么如果一个 VPN 网关(A)与 AD AuthN(OpenVPN SSL 隧道类型)和一个 VPN 网关(B ) 使用 Azure 基于证书的 authN 使用 SSTP(SSL) 隧道类型,A 和 B 可以对等。
基于以上问题:
- 我们是否必须在 A 和 B 之间进行 S2S 对等设置,并为每个人手动路由以访问从 A 到 B 的任何资源,反之亦然?
- 此设置的局限性和优点(如果有)是什么?
- 它会被称为混合解决方案吗?
如果您在 Azure 中有两个 VPN 网关,您可以配置 VNet 到 VNet 连接以将 Azure VNet 相互连接。您不需要手动路由。 VNet 到 VNet 支持连接虚拟网络。将多个 Azure 虚拟网络连接在一起不需要 VPN 设备,除非需要跨界连接。
When you connect a virtual network to another virtual network with a VNet-to-VNet connection type (VNet2VNet), it's similar to creating a Site-to-Site IPsec connection to an on-premises location. Both connection types use a VPN gateway to provide a secure tunnel with IPsec/IKE and function the same way when communicating. However, they differ in the way the local network gateway is configured.
When you create a VNet-to-VNet connection, the local network gateway address space is automatically created and populated. If you update the address space for one VNet, the other VNet automatically routes to the updated address space. It's typically faster and easier to create a VNet-to-VNet connection than a Site-to-Site connection.
您可以阅读 the document 了解更多详情。