Attempting to ping an Azure VM (10.3.1.4) in the Hub Virtual Network (10.3.0.0/16) from a nested VM (VM1 at 192.168.100.10) running on a Hyper-V host (10.2.1.5) within another Virtual Network, HyperVNet (10.2.0.0/16). The networks are connected via a successful Site-to-Site (S2S) VPN. However, pinging 10.3.1.4 from VM1 results in a "Request Timed Out" error. An Internal NAT switch has been created (192.168.100.10). The VM inside the virtual machine and the hypervisor itself are able to ping each other. The firewall is disabled on all VMs. IP forwarding is enabled in all VMs. What steps can be taken to troubleshoot this connectivity issue?

Please check the NSG rules, ICMP is blocked by default in Azure NSGs. Allow inbound ICMP traffic on the Azure VM's NSG. Also, verify your VM Firewall, ensure Windows/Linux firewall allows ICMP requests. Another possibility could be VPN Routing, ensure routes between Hub VNet and HyperVNet are correct. finally, if using nested virtualization, enable IP forwarding on the VM NIC.

Unable to Ping Azure VM from Nested Hyper-V VM

Somil Bajaj 0

Attempting to ping an Azure VM (10.3.1.4) in the Hub Virtual Network (10.3.0.0/16) from a nested VM (VM1 at 192.168.100.10) running on a Hyper-V host (10.2.1.5) within another Virtual Network, HyperVNet (10.2.0.0/16). The networks are connected via a successful Site-to-Site (S2S) VPN. However, pinging 10.3.1.4 from VM1 results in a "Request Timed Out" error.

An Internal NAT switch has been created (192.168.100.10).
The VM inside the virtual machine and the hypervisor itself are able to ping each other.
The firewall is disabled on all VMs.
IP forwarding is enabled in all VMs.

What steps can be taken to troubleshoot this connectivity issue?

Rohith Vinnakota 3,000 Reputation points Microsoft External Staff

2025-03-04T18:37:26.56+00:00
Hi @Somil Bajaj

Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

Could you please share the below details:

How the connectivity from Hub-VNET to Hyper V-VNET?

whether 10.2.1.5 was able to ping the machine 10.3.1.4 and vice versa?

Please share the connection troubleshoot result from source to destination IP and click on see details to see the next hop?
Somil Bajaj 0 Reputation points

2025-03-05T05:15:45.5966667+00:00

Hi @Rohith Vinnakota

-> The Hub VNet and Hyper-VNet are connected via a VPN gateway (Site-to-Site Connection)
-> Neither 10.2.1.5 nor 10.3.1.4 are able to respond to pings.
Rohith Vinnakota 3,000 Reputation points Microsoft External Staff

2025-03-05T17:45:17.5666667+00:00
Hello @Somil Bajaj

Thank you for reply!

Could you please confirm that HyperVNet (10.2.0.0/16) has a VNET peering connection to the HUB VNET (10.3.0.0/16) where HUB VNET has a VPN Gateway deployed?

I think that we don't need a site-site VPN connection between these VNets instead we can use VNET-VNET connection.

However, can you please share the below details to understand the connectivity flow.

Can you share the VM NIC Effective routes for this two Ips (10.2.1.5 & 10.3.1.4)

Connection Troubleshoot between source (10.2.1.5) and destination Ip (10.3.1.4)
click on see details and share me the output result.
Rohith Vinnakota 3,000 Reputation points Microsoft External Staff

2025-03-07T00:05:15.46+00:00

Hello @Somil Bajaj
Greetings

Could you kindly provide the details mentioned above to help resolve the issue?

1 answer

Adam Zachary 0 Reputation points

2025-03-07T01:23:20.67+00:00

Please check the NSG rules, ICMP is blocked by default in Azure NSGs. Allow inbound ICMP traffic on the Azure VM's NSG.

Also, verify your VM Firewall, ensure Windows/Linux firewall allows ICMP requests.

Another possibility could be VPN Routing, ensure routes between Hub VNet and HyperVNet are correct.

finally, if using nested virtualization, enable IP forwarding on the VM NIC.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Unable to Ping Azure VM from Nested Hyper-V VM

1 answer

Your answer