Two tunnels - one in cloud - other on prem - can't get to the one on prem.

Hi guys, is it possible to use two separate tunnels for access to on-prem systems and cloud using the same Cloudflare WARP Zero Trust connection? I set up one cloud server and can RDP to that via private IP in Azure. But I cannot get to a 192.x.x IP when setting up a second tunnel. What am I missing?
11 Replies
hegdedarsh (7mo ago)
What is the status of the tunnels in the Cloudflare dashboard?
Steve Panozzo (OP, 7mo ago)
Green, good. We are using Cloudflare WARP to log in to connect to the domain. Is it possible that the 192.168.99.x IP needs to be configured in the Cloudflare WARP split tunnels to include 192.168.99.x?
Steve Panozzo (OP, 7mo ago)
[Image attachment, no description]
Steve Panozzo (OP, 7mo ago)
I see 192.x.x.x on the exclude list.
Steve Panozzo (OP, 7mo ago)
[Image attachment, no description]
hegdedarsh (7mo ago)
From the images, it is clear that the 192.0.0.0/24 range is listed in the exclude section, which is very close to the 192.168.99.x range you mentioned needing access to.
Steve Panozzo (OP, 7mo ago)
Thanks. If I turn on the include IPs, that would impact my users' ability to use on-prem resources on that VLAN (if the zero trust is turned on), correct? Can you offer another solution?
hegdedarsh (7mo ago)
If your intent is to include just the 192.168.99.0/24 range (or a specific part of it), you can either:
- Remove the broader range from the exclusion list that encompasses the 192.168.99.x addresses.
- Or add the 192.168.99.0/24 range specifically to the "Include IPs" list if your policy is to exclude larger blocks by default.
Steve Panozzo (OP, 7mo ago)
Thanks for the help. I will try this.
hegdedarsh (7mo ago)
If you switch the setting in Cloudflare Warp from "Exclude IPs" to "Include IPs," you're effectively determining which IPs are routed through the Cloudflare tunnel and which are handled locally. By setting it to "Include IPs," only the specified IP addresses or ranges will pass through the tunnel, and all other traffic will be handled by the local network. Drawback: This could impact how your users access on-premises resources if those resources are not included in the specified ranges.
Steve Panozzo (OP, 7mo ago)
Yes, I understand. I could change the on-prem devices to a 10.1.x network and that would solve it too. Thanks for the support.