Site to Site VPN Connection
I have configured site to site VPN as per the Microsoft documentation.
We have created:
- Vnet
- Vnet Gateway
- Local network gateway
- Connection
We have configured it with all the client's requirements.
We are seeing connection status: Unknown
We have also created the policy in their firewall; still, we are not able to connect to that VM with its private IP.
KINDLY HELP!
Azure VPN Gateway
Azure Firewall
Azure Virtual Network
Azure Policy
-
Rajini 0 Reputation points
2024-10-25T12:46:14.3966667+00:00 Hi Vatika,
Have you checked this? https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-troubleshoot-site-to-site-cannot-connect
-
VATIKA SAXENA 0 Reputation points
2024-10-25T13:49:22.5166667+00:00 I have checked
But I want to be sure that from the Azure side it is well configured.
-
Sai Prasanna Sinde 1,265 Reputation points • Microsoft Vendor
2024-10-28T04:03:26.0633333+00:00 Hi @VATIKA SAXENA ,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
Could you please cross-verify the below steps for Site-to-Site configuration:
From Cloud side:
- Deploy a Virtual Network and a name specific subnet called gateway subnet.
- Deploy the VPN gateway in the gateway subnet
- Deploy the Local Network Gateway and provide the On-Prem Public IP and Local LAN IP series. [Please select the same region for both VPN and LNG]
- Go to connections in LNG:
- Give the connection name
- Connection type: Site to Site.
- Virtual Network gateway (It will select automatically which you have created)
- Select the LNG which you have created.
- Give a Pre-Shared Key (Alpha Numeric) and share it in both the environments (Cloud & On-Prem)
- IKE Protocol: IKEv2
Leave the options as default and create a connection.
- Go to Network interface of your On-Prem server and configure a static route by giving the pre-shared key value which you have given in Cloud.
- Configure the static route under IPv4 by selecting the interface which you have created and give the rest of the details.
- Go to Network interface and select the respective interface and right click on it and connect, once it is connected.
- Go to LNG and the connection status will be connected.
If you are still facing the same issue after following the above, please refer to below points:
1. Please make sure you have not used NSGs at your gateway subnet level. NSGs on the gateway subnet are not supported. Associating a network security group to this subnet might cause your virtual network gateway to stop functioning as expected. Please refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal#view
2. Check the IP Flow verify in Network Watcher, whether the access is allowed or not.
- Troubleshoot Azure VPN Gateway using diagnostic logs, you can troubleshoot multiple VPN gateway-related events including configuration activity, VPN Tunnel connectivity.
Reference: https://learn.microsoft.com/en-us/azure/vpn-gateway/troubleshoot-vpn-with-azure-diagnostics
Please perform a packet capture on your S2S VPN to help pinpoint this issue.
Reference: https://learn.microsoft.com/en-us/azure/vpn-gateway/packet-capture
- Also, did you try to reset the Azure VPN gateway twice as recommended?
Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/reset-gateway
- If all that's fine, then also check that your local firewall is configured to route traffic through the right interface.
- Finally try to run e.g.
tracert <remote vm ip>
and see what it returns.
- If the above mentioned did not help, could you please share your entire configuration/network diagram of your setup with details if possible so that we can assist you better.
Kindly let us know if the above helps or you need further assistance on this issue.
Regards,
Sai Prasanna.
-
VATIKA SAXENA 0 Reputation points
2024-10-28T09:53:21.6666667+00:00 Hi,
The client gave us the range of IPv4 addresses 10.50.50.0-250 and subnet 255.255.255.0
In Azure, we provided the Address space: 10.50.0.0/16 and range 10.50.0.0 - 10.50.255.255
Subnet1: 10.50.0.0/24
Gateway Subnet: 10.50.50.0/24
Note:- VM is using Subnet1
Could you please help me to verify the correct details for the Virtual Network in Azure?
-
Sai Prasanna Sinde 1,265 Reputation points • Microsoft Vendor
2024-10-29T01:37:13.0633333+00:00 Hi @VATIKA SAXENA ,
Greetings!
- As you mentioned you have deployed a VNet (10.50.0.0/16) and Subnets like, Subnet1 (10.50.0.0/24) & gateway subnet (10.50.50.0/24)
- In that gateway subnet (10.50.50.0/24) deploy a VPN gateway.
- Also deploy a Local Network gateway by providing the IP address (On-Prem device Public IP) and Address Space (On-Prem Local LAN IP series, Ex: 192.168.0.0/24).
- Go to connections in LNG:
- Give the connection name
- Connection type: Site to Site.
- Virtual Network gateway (It will select automatically which you have created)
- Select the LNG which you have created.
- Give a Pre-Shared Key (Alpha Numeric) and share it in both the environments (Cloud & On-Prem)
- IKE Protocol: IKEv2
Refer to the document to cross-verify the configurations from the Azure end: https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal
If you are still facing the issue, please refer to the above troubleshooting steps and let us know the status.
Kindly let us know if the above helps or you need further assistance on this issue.
Regards,
Sai prasanna.
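An offline check of the address plan discussed in the two posts above, added here as an example and not written by either poster: it validates the VNet, its subnets and the local network gateway prefixes without touching any Azure resource. The function name is hypothetical, 192.168.0.0/24 is the reply's own sample on-premises range, and treating the client's 10.50.50.0 / 255.255.255.0 range as the on-premises LAN is an assumption made only to show the overlap case.

```python
import ipaddress

# Azure accepts a gateway subnet as small as /29 (/27 or larger is recommended).
MIN_GATEWAY_PREFIX = 29

def check_s2s_address_plan(vnet_space, subnets, onprem_prefixes):
    """Return findings for a site-to-site address plan (empty list = consistent).

    vnet_space      -- CIDR strings of the VNet address space
    subnets         -- {subnet name: CIDR string}
    onprem_prefixes -- CIDR strings entered in the local network gateway
    """
    findings = []
    vnet = [ipaddress.ip_network(c) for c in vnet_space]
    nets = {name: ipaddress.ip_network(c) for name, c in subnets.items()}
    onprem = [ipaddress.ip_network(c) for c in onprem_prefixes]

    # The gateway subnet must carry this exact name and be large enough.
    gw = nets.get("GatewaySubnet")
    if gw is None:
        findings.append("no subnet named exactly 'GatewaySubnet'")
    elif gw.prefixlen > MIN_GATEWAY_PREFIX:
        findings.append(f"GatewaySubnet {gw} is smaller than /{MIN_GATEWAY_PREFIX}")

    # Every subnet must sit inside the VNet address space.
    for name, net in nets.items():
        if not any(net.subnet_of(v) for v in vnet):
            findings.append(f"{name} {net} is outside the VNet address space")

    # Subnets of one VNet must not overlap each other.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")

    # On-premises prefixes must not overlap the VNet, or routing is ambiguous.
    for p in onprem:
        for v in vnet:
            if p.overlaps(v):
                findings.append(f"on-prem prefix {p} overlaps VNet address space {v}")
    return findings

# Values quoted in the thread.
THREAD_VNET = ["10.50.0.0/16"]
THREAD_SUBNETS = {"Subnet1": "10.50.0.0/24", "GatewaySubnet": "10.50.50.0/24"}

if __name__ == "__main__":
    print(check_s2s_address_plan(THREAD_VNET, THREAD_SUBNETS, ["192.168.0.0/24"]))
    # Assumption: the client's range in netmask form is the on-premises LAN.
    print(check_s2s_address_plan(THREAD_VNET, THREAD_SUBNETS, ["10.50.50.0/255.255.255.0"]))
```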
-
VATIKA SAXENA 0 Reputation points
2024-10-29T12:39:56.3366667+00:00 We have configured these settings and also downloaded the configuration file. Currently we are able to see Connection status: Not Connected
-
Sai Prasanna Sinde 1,265 Reputation points • Microsoft Vendor
2024-11-04T06:56:49.6733333+00:00 Hi @VATIKA SAXENA ,
Greetings!
Sorry for the delay in response.
Could you please share additional information, such as logs, so that we can assist you further?
Also, please check Troubleshooting Azure VPN Gateway using diagnostic logs | Microsoft Learn
Especially the below mentioned and please let us know.
- GatewayDiagnosticLog
- TunnelDiagnosticLog
Kindly let us know if the above helps or you need further assistance on this issue.
Regards,
Sai Prasanna.
-
Sai Prasanna Sinde 1,265 Reputation points • Microsoft Vendor
2024-11-06T00:52:10.4+00:00 Hi @VATIKA SAXENA ,
Greetings of the day!
I would like to follow up with the thread.
Could you please go through the last comment and provide us the required information to drive the thread further.
Regards,
Sai Prasanna.
-
Sai Prasanna Sinde 1,265 Reputation points • Microsoft Vendor
2024-11-07T01:45:04.1166667+00:00 Hi @VATIKA SAXENA ,
Greetings of the day!
I would like to follow up with the thread.
Could you please go through the last comment and provide us the required information to drive the thread further.
If you need any further assistance, please don't hesitate to reach out to us. We are happy to assist you.
Regards,
Sai Prasanna.
-
VATIKA SAXENA 0 Reputation points
2024-11-07T09:27:48.9733333+00:00 I have checked everything from the Azure side. I don't have access to the client's VPN so that I can look into it.
-
Sai Prasanna Sinde 1,265 Reputation points • Microsoft Vendor
2024-11-11T07:04:07.31+00:00 Hi @VATIKA SAXENA,
Thanks for getting back.
Kindly provide the VPN gateway logs from the Azure side, particularly GatewayDiagnosticLog & TunnelDiagnosticLog, so that we can go through them and get back to you with an update. For your reference: https://learn.microsoft.com/en-us/azure/vpn-gateway/troubleshoot-vpn-with-azure-diagnostics
Thanks,
Sai Prasanna.
-
Sai Prasanna Sinde 1,265 Reputation points • Microsoft Vendor
2024-11-12T07:40:16.8766667+00:00 Hi @VATIKA SAXENA ,
Greetings!
Could you please go through the last comment and provide us the required information to drive the thread further.
Regards,
Sai Prasanna.