Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,567 questions
Site-to-Site VPN Connection Status Changes to Unknown
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 12%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHE%3C/text%3E%3C/svg%3E)
Hidaya El Habti
0
Reputation points
Hello,
I set up a Site-to-Site VPN connection from an Azure VNET to an on-premise network to access a private SMS gateway, following this tutorial: Site-to-Site VPN Gateway Setup.
Here’s the setup:
- The on-premise VPN device is supported.
- The local network gateway is configured with the VPN device's public IP and two address ranges:
sms-gateway-private-ip-1/32andsms-gateway-private-ip-2/32.
The connection was working fine with a status of Connected. However, it suddenly changed to Unknown.
Troubleshooting details:
- Connection stats show:
- Ingress Packets Dropped due to Traffic Selector Mismatch: 0 Packets
- Egress Packets Dropped due to Traffic Selector Mismatch: 0 Packets
- VPN Gateway Resource Health reports:
At 05:40 PM, Wednesday, 20 November 2024 UTC, the Azure monitoring system received the following information regarding your VPN connection: The connection cannot be established because the other VPN device is unreachable. If the on-premises VPN device is unreachable or not responding to the Azure VPN gateway IKE handshake, the VPN connection cannot establish.
- Ingress Packets Dropped due to Traffic Selector Mismatch: 0 Packets
When we restarted the IPSec tunnel on the on-premise VPN device, the connection briefly showed Connected but reverted to Unknown shortly afterward.
Question:
- What could be causing this issue, and how can I resolve it?
- Are there additional diagnostics or configurations I should check on either the Azure side or the on-premise VPN device?
Any guidance would be greatly appreciated!
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 81%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
Sai Prasanna Sinde 1,260 Reputation points Microsoft Vendor2024-11-21T06:45:05.2733333+00:00 Hi @Hidaya El Habti,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I would like to confirm that you have followed https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-troubleshoot-site-to-site-cannot-connect and it did not resolve the issue.
Please consider the additional troubleshooting steps below to further investigate this problem.
- Could you please verify if the pre-shared key shared in both environments is correct?
- Please verify the address space mentioned in the Local Network Gateway and ensure it is not overlapping.
- Please use the below document to troubleshoot the VPN gateway issues using diagnostic logs. Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/troubleshoot-vpn-with-azure-diagnostics
- Please make sure you have not used the NSGs on your gateway subnet level. The NSG on the gateway subnet are not supported. Associating a network security group to this subnet might cause your virtual network gateway to stop functioning as expected.
Kindly let us know if the above helps or you need further assistance on this issue.
Regards,
Sai Prasanna.
-
Hidaya El Habti 0 Reputation points
2024-11-21T08:34:23.6266667+00:00 Hello @Sai Prasanna Sinde ,
Thank you for your recommendations. I’ve gone through all the suggested steps, but unfortunately, the connection status remains Unknown.
If there are any additional troubleshooting steps or diagnostic tools that could help further investigate this issue, please let me know.
Thank you!
-
Sai Prasanna Sinde 1,260 Reputation points Microsoft Vendor
2024-11-22T09:46:55.3733333+00:00 Hi @Hidaya El Habti
Greetings!
- Could you please review the TunnelDiagnosticLog and RouteDiagnosticLog logs, particularly around the time the issue occurred, and identify any errors that appear?
- Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/troubleshoot-vpn-with-azure-diagnostics
- Could you please verify the duration it takes for the status to transition from "connected" to "Unknown"?
- Could you please attempt resetting the VPN gateway to see if it addresses the problem?
- Perform continuous pings from the on-premises network to Azure and then gather packet captures.
- Please check IKE logs. It would be helpful to check these logs while conducting the ping test.
- Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/troubleshoot-vpn-with-azure-diagnostics#IKEDiagnosticLog
- Use a single sequence to filter and determine where the traffic is getting blocked, based on the log insights.
Kindly let us know if the above helps or you need further assistance on this issue.
Regards,
Sai Prasanna.
Sign in to comment
Sign in to answer