Combining Global Secure Access With Azure VPN

Sam Ceulemans 0 Reputation points
2025-01-08T13:07:01.39+00:00

We are rolling out Global Secure Access; however, we are running into a few issues, of which the main one is that it does not work in combination with Azure VPN. As soon as Global Secure Access is activated, the VPN client disconnects. We are using Azure VPN to restrict access to production resources like Virtual Machines and databases.

We assumed this was a routing issue, so we added the VPN IP address and VPN routes to the GSA Internet Access Custom Bypass, without success.

Before we move into more troubleshooting as explained at https://techcommunity.microsoft.com/discussions/azurenetworksecurity/global-secure-access-and-azure-vpn/4103655 , is this a known limitation? Any workaround? Has anyone faced and solved this issue?


1 answer

  1. Navya 14,220 Reputation points Microsoft Vendor
    2025-01-08T15:39:28.2733333+00:00

    Hi @Sam Ceulemans

    Thank you for posting this in Microsoft Q&A.

    I understand you are facing an issue with Global Secure Access and Azure VPN.

    Azure VPN is supported starting from version 2.1.149. Can you please confirm if you are using this version? Also, please verify the GSA endpoint and route exceptions. You mentioned adding the VPN IP address and VPN routes to the GSA Internet Access Custom Bypass, but it seems that this did not resolve the issue.

    Please review and confirm that the following GSA addresses are correctly added to the exception list: *.globalsecureaccess.microsoft.com, 150.171.19.0/24, 150.171.20.0/24, 13.107.232.0/24, 13.107.233.0/24, 150.171.15.0/24, 150.171.18.0/24, 151.206.0.0/16, 6.6.0.0/16.

    If these addresses and IP ranges are not properly bypassed in the Azure VPN configuration, it could cause the conflict where the VPN client disconnects once GSA is activated.

    If you have met the above requirements and are still encountering issues, please let me know. We can connect offline and discuss further on this. Please send us an email at azcommunity@microsoft.com with the subject "ATTN: Navya" and the following details in the email body: Link to this thread/post.

    Hope this helps. Do let us know if you have any further queries.

    Thanks,

    Navya.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
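One way to run the check the answer asks for, as an added example that is not part of the thread or any Microsoft tooling: it compares a VPN exception list against the GSA ranges quoted in the answer and reports which ranges are still pulled into the tunnel. The function name `audit_gsa_exceptions`, the plain-list input format and the sample routes are assumptions; export the real lists from your own VPN profile.

```python
import ipaddress

# GSA endpoint and ranges exactly as quoted in the answer above.
GSA_FQDN = "*.globalsecureaccess.microsoft.com"
GSA_RANGES = ["150.171.19.0/24", "150.171.20.0/24", "13.107.232.0/24",
              "13.107.233.0/24", "150.171.15.0/24", "150.171.18.0/24",
              "151.206.0.0/16", "6.6.0.0/16"]


def audit_gsa_exceptions(excluded, vpn_routes):
    """Hypothetical helper. Returns (missing, captured).

    missing  - GSA entries not fully covered by the VPN exception list
    captured - (gsa_range, vpn_route) pairs where a tunnel route overlaps a
               GSA range that is not excluded, so GSA traffic enters the VPN
    """
    cidrs, names = [], set()
    for entry in excluded:
        entry = entry.strip()
        try:
            cidrs.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            names.add(entry.lower())  # not a prefix: treat as an FQDN pattern
    routes = [ipaddress.ip_network(r.strip(), strict=False) for r in vpn_routes]

    missing, captured = [], []
    if GSA_FQDN not in names:
        missing.append(GSA_FQDN)
    for text in GSA_RANGES:
        net = ipaddress.ip_network(text)
        # Covered only when a single excluded prefix contains the whole range;
        # a wider exclusion such as a /20 or /23 counts, a partial one does not.
        if any(c.version == net.version and net.subnet_of(c) for c in cidrs):
            continue
        missing.append(text)
        captured += [(text, str(r)) for r in routes
                     if r.version == net.version and net.overlaps(r)]
    return missing, captured


if __name__ == "__main__":
    # Constructed sample data, not taken from a real profile.
    excluded = ["*.GlobalSecureAccess.microsoft.com", "150.171.16.0/20",
                "13.107.232.0/23", "151.206.0.0/16"]
    vpn_routes = ["10.20.0.0/16", "0.0.0.0/1", "128.0.0.0/1"]
    missing, captured = audit_gsa_exceptions(excluded, vpn_routes)
    print("Not excluded:", missing)
    print("Captured by VPN routes:", captured)
```

An empty `captured` list with a non-empty `missing` list means the ranges are not excluded but no tunnel route currently claims them either.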

