Oh gosh! I never came back to this post since 2021. I have set up the VPNs - since then the organization now has 3 sites across the US - ATL, DC, LA. Since I wanted each site to be a stand-alone site, I configured each as a HUB (mesh)... I also did not want the other sites to connect to each other via Azure, so I simply used different IP subnets for each location (for example: 10.10.x.x, 10.11.x.x, 10.12.x.x). Since they automatically configure Remote VPN Participants, I added outbound firewall rules to the site-to-site VPN configuration for each location to deny all traffic to the remote subnets, for example:

Deny 10.10.x.x any 10.11.x.x, 10.12.x.x any
Deny 10.11.x.x any 10.10.x.x, 10.12.x.x any
Deny 10.12.x.x any 10.10.x.x, 10.11.x.x any
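The per-site deny rules above are easy to get wrong once there are more than two or three sites, because each site's outbound VPN rules only see traffic that originates at that site, so every ordered pair of sites needs its own deny. The following is an added example, not code from the post or from any VPN vendor: it generates the full pairwise rule set from a table of site subnets, evaluates a packet against it first-match, and checks that the sites are actually isolated from each other while intra-site traffic still passes. The site names, the /16 prefixes and the default-allow fall-through are assumptions made for the example; adapt them to your own rule set.

```python
import ipaddress
from dataclasses import dataclass
from itertools import permutations

# Constructed sample: one /16 per site, mirroring the post's 10.10.x.x,
# 10.11.x.x, 10.12.x.x scheme. Site names and prefix lengths are assumptions.
SITE_SUBNETS = {
    "ATL": ipaddress.ip_network("10.10.0.0/16"),
    "DC":  ipaddress.ip_network("10.11.0.0/16"),
    "LA":  ipaddress.ip_network("10.12.0.0/16"),
}


@dataclass(frozen=True)
class Rule:
    """One outbound rule: policy, source subnet, destination subnet, any port."""
    policy: str                 # "deny" or "allow"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


def build_isolation_rules(sites):
    """Generate one deny rule for every ordered pair of distinct sites.

    The direction matters: a deny on ATL's outbound rules does nothing for
    traffic that LA originates towards ATL, so LA needs its own deny too.
    """
    return [Rule("deny", sites[a], sites[b]) for a, b in permutations(sites, 2)]


def evaluate(rules, src_ip, dst_ip):
    """First-match evaluation of a src/dst pair.

    Anything unmatched falls through to "allow", which is the assumed default
    for the site-to-site VPN rule set in this example.
    """
    src = ipaddress.ip_address(str(src_ip))
    dst = ipaddress.ip_address(str(dst_ip))
    for rule in rules:
        if src in rule.src and dst in rule.dst:
            return rule.policy
    return "allow"


def check_isolation(sites, rules):
    """Return a list of problems; an empty list means the sites are isolated.

    Checks that no two site subnets overlap (a deny on one prefix would
    otherwise also cut intra-site traffic), that every cross-site direction
    is denied, and that traffic inside a site is still allowed.
    """
    problems = []
    for a, b in permutations(sites, 2):
        if sites[a].overlaps(sites[b]):
            problems.append(f"{a} and {b} subnets overlap")
        src, dst = sites[a][1], sites[b][1]   # first usable host in each site
        if evaluate(rules, src, dst) != "deny":
            problems.append(f"{a} -> {b} not denied ({src} -> {dst})")
    for name, net in sites.items():
        if evaluate(rules, net[1], net[2]) != "allow":
            problems.append(f"intra-site traffic in {name} is blocked")
    return problems


if __name__ == "__main__":
    rules = build_isolation_rules(SITE_SUBNETS)
    for rule in rules:
        print(f"{rule.policy} {rule.src} any {rule.dst} any")
    print("problems:", check_isolation(SITE_SUBNETS, rules))

    # Dropping one site's rules shows why each site needs its own denies:
    # LA -> ATL and LA -> DC are no longer blocked by anyone.
    partial = [r for r in rules if r.src != SITE_SUBNETS["LA"]]
    print("problems with LA's rules missing:", check_isolation(SITE_SUBNETS, partial))
```

Run it as-is to print the six rules for three sites; add a fourth entry to `SITE_SUBNETS` and the generator produces the twelve rules a fourth site needs. The `check_isolation` run with LA's rules removed reports the two directions that are left open, which is the gap a site whose rule set was never updated would leave.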