Azure S2S tunnel <> Watchguard onpremise: no traffic passing through after some time of inactivity
Dear,

In August 2023 we built an Azure S2S tunnel between our Azure VNET & Watchguard on-prem. We didn't have any issues with this tunnel: it was rock solid for about 6 months. We didn't reconfigure anything in those 6 months because it was just working fine as expected.

2 weeks ago our issues started: the tunnel stays up, no errors are reported in Azure for the connection and our Watchguard appliance does not report any issues, but no traffic is passing through anymore! When we reset the tunnel in Azure, the issue is gone and everything starts working as expected again.

When we keep a PC online and start a continuous ping between Azure & on-prem, the tunnel stays live! That's how we keep the tunnel live at the moment so we don't have any production interruptions. The issue begins again when we stop the continuous ping and no user is using the tunnel for a long time (overnight): then in the morning we see that no traffic is passing through anymore.

What we already did:
- Checked the DH groups & Encryption types & Integrity settings for phase 1 and phase 2.
- Already built up the tunnel from scratch on Watchguard & Azure: followed all best practices from MS & Watchguard.
- Doublechecked SA lifetime & DPD settings.
- No traffic selectors were defined in Azure in the past: we defined them last week to troubleshoot this, but no luck.

A ticket is open with Watchguard & Azure support, but no luck for the moment... All we see in Azure is this:
Anyone? Many thanks!