You have an Azure subscription that contains two peered virtual networks named VNet1 and VNet2. VNet1 has a VPN gateway that uses static routing,
The on-premises network has a VPN connection that uses the VPN gateway of VNet1.
You need to configure access for users on the on-premises network to connect to a virtual machine on VNet2. The solution must minimize costs.
Which type of connectivity should you use?
To configure access for users on the on-premises network to connect to a virtual machine on VNet2 while minimizing costs, you should use B. service chaining and user-defined routes (UDRs). Here’s how you can achieve this: User-Defined Routes (UDRs): Create a UDR in VNet1 that directs traffic destined for VNet2 to the VPN gateway. This ensures that traffic from the on-premises network to VNet2 flows through the VPN gateway of VNet1. Service Chaining: Enable service chaining on the VPN gateway in VNet1. Service chaining allows the VPN gateway to forward traffic to other services (such as Azure Firewall or Azure Application Gateway) before reaching its final destination. In this case, configure the VPN gateway to forward traffic to VNet2 through the UDR. By combining UDRs and service chaining, you can achieve connectivity between the on-premises network and the virtual machine on VNet2 while minimizing costs.
B is correct
Is correct
B traffic sourced from on-premise network -> VPN Gateway configured in vNet1 -> UDR which is hosted in the Route Table which is associated with the subnet of VPN Gateway -> VPN Gateway configured in vNet1 ->(via service chaining configured in VPN Gateway) -> vNet2
my last explanation is incorrect, here is the correct explanation Service Chaining involves enabling Gateway transit in vNet1 and allowing remote Gateway in vNet2. When a request from on-premises reaches the Gateway, it will be directed to vNet2 via the Gateway. The response to the on-premises request will be routed through the Gateway using the UDR (User Defined Route) in the Route Table configured in vNet2.
Here Service Chaining refers to "enable Gateway transit" in vNet1 peering and "allow remote Gateway" in vNet2 peering. The UDR route table is installed in vNet2 which direct the response to the request from on-premise network to the Gateway then reach on-premise network.
my last explanation is incorrect, here is the correct explanation Service Chaining involves enabling Gateway transit in vNet1 and allowing remote Gateway in vNet2. When a request from on-premises reaches the Gateway, it will be directed to vNet2 via the Gateway. The response to the on-premises request will be routed through the Gateway using the UDR (User Defined Route) in the Route Table configured in vNet2.