Active Directory Log on and Azure

L0 Member

Hello all,

I have set up a PAN cluster in an Azure environment and also extended the Active Directory domain controllers into Azure (configured site links and AD replication with virtual machines in Azure). I have Azure ExpressRoute in the middle, and all traffic from on-prem is routed via the PAN cluster.


Now the issue I'm experiencing is that on-prem workstations (even via VPN/VDI connectivity) are trying to connect to the Active Directory domain controllers in Azure; however, if the traffic routing from on-prem to Azure via the PAN is disabled, this issue doesn't occur. Please, what could be the problem?

L1 Bithead

Based on the information provided, it is most likely an asymmetric route.


By default, Azure propagates the VNET routes to the ExpressRoute gateway. These routes do not use the VM-Series as the next hop.


If the intent is to send traffic from ExpressRoute to the VM-Series, then the GatewaySubnet must have a User Defined Route that points to the firewall. Likewise, the AD server subnets in Azure must also have a UDR that points to the VM-Series. You can disable route propagation between the GatewaySubnet and AD subnet by disabling BGP route propagation within their Azure route tables.


[Attached screenshot: Screen Shot 2020-07-16 at 5.43.56 PM.png]
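To make the asymmetric-route diagnosis in the reply above concrete, here is an added example (not from the poster or from Palo Alto Networks) that checks effective routes for both directions of the on-prem to AD flow. The route entries mirror the shape of `az network nic show-effective-route-table` output; the firewall IP, prefixes and host addresses are constructed assumptions, and the GatewaySubnet side is modelled the same way for illustration.

```python
import ipaddress

FW_IP = "10.0.1.4"            # VM-Series trust interface (assumed)
ONPREM_HOST = "192.168.10.25"  # on-prem workstation (assumed)
AD_HOST = "10.0.2.10"          # Azure-hosted domain controller (assumed)

def route(prefix, hop_type, hop_ip=None, source="Default", state="Active"):
    """One effective-route entry, in the shape Azure CLI reports."""
    return {"addressPrefix": [prefix], "nextHopType": hop_type,
            "nextHopIpAddress": [hop_ip] if hop_ip else [],
            "source": source, "state": state}

# Before the fix: propagated routes bypass the firewall in both directions.
GATEWAY_BEFORE = [route("10.0.0.0/16", "VnetLocal"),
                  route("192.168.0.0/16", "VirtualNetworkGateway", source="VirtualNetworkGateway")]
AD_BEFORE = [route("10.0.0.0/16", "VnetLocal"),
             route("192.168.0.0/16", "VirtualNetworkGateway", source="VirtualNetworkGateway")]

# After the fix: UDRs on GatewaySubnet and the AD subnet point at the VM-Series,
# and BGP route propagation is disabled so the gateway-learned route is gone.
GATEWAY_AFTER = [route("10.0.0.0/16", "VnetLocal"),
                 route("10.0.2.0/24", "VirtualAppliance", FW_IP, source="User")]
AD_AFTER = [route("10.0.0.0/16", "VnetLocal"),
            route("192.168.0.0/16", "VirtualAppliance", FW_IP, source="User")]

def next_hop(routes, dst):
    """Longest-prefix match over Active routes, as Azure selects the effective route."""
    ip, best = ipaddress.ip_address(dst), None
    for r in routes:
        if r["state"] != "Active":
            continue
        for p in r["addressPrefix"]:
            net = ipaddress.ip_network(p)
            if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, r)
    if best is None:
        return ("None", None)
    r = best[1]
    return (r["nextHopType"], r["nextHopIpAddress"][0] if r["nextHopIpAddress"] else None)

def asymmetry_problems(gateway_routes, ad_routes, fw_ip=FW_IP):
    """Both directions must hand off to the firewall; otherwise it sees one-sided flows."""
    problems = []
    for name, routes, dst in (("GatewaySubnet->AD", gateway_routes, AD_HOST),
                              ("AD->on-prem", ad_routes, ONPREM_HOST)):
        hop_type, hop_ip = next_hop(routes, dst)
        if (hop_type, hop_ip) != ("VirtualAppliance", fw_ip):
            problems.append(f"{name}: next hop {hop_type} {hop_ip or ''} is not the firewall {fw_ip}")
    return problems
```

Run `asymmetry_problems(GATEWAY_BEFORE, AD_BEFORE)` to see both legs flagged, and the `_AFTER` tables to confirm an empty list once the UDRs are in place.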
