Peering is not working between two virtual networks in two separate regions.

18203024 80 Reputation points
2024-06-25T18:22:37.92+00:00

I have two virtual networks in two separate regions. I have them peered with each other. All our infrastructure and VPN gateways are in Vnet 1. I recently created Vnet 2 with a VM2 and created a peering between the two Vnets. I cannot connect to VM2 internally and I have been attempting to troubleshoot. I tried Connection troubleshoot testing from VM1 in Vnet 1 to VM2 in Vnet 2 and it just tells me that an unknown error occurred.

I checked the Effective routes on the NIC card of VM1 and the peering to Vnet 2 is present. So I'm not sure what is causing this failure.

I went into connection monitor and set up an ICMP test from several VMs in Vnet 1 to VM2 in Vnet 2. I also set up an ICMP test going the other way. 3 out of 4 of the tests from VM2 to VMs in Vnet 1 succeeded. 4 of the 4 ICMP tests from Vnet 1 to VM2 failed. I have checked the IP Flow verify as well as NSG checker and found no issues. So I'm not sure where the hangup is.

I have confirmed routing is going to the peer connection. No conflicting NSG. IP address ranges are not overlapping.

Azure Virtual Network

Accepted answer
  1. Luis Arias 5,751 Reputation points
    2024-06-25T21:33:27.77+00:00

    Hi 18203024,

    I understand that you have already completed the peering of two VNets in different regions and are now testing in this way:

    VNet 1 (VM1) <---- ICMP Tests ----> VNet 2 (VM2)

    • The tests from VNet 1 (VM1) to VNet 2 (VM2) are failing.
    • The tests from VNet 2 (VM2) to VNet 1 are mostly succeeding (3 out of 4).

    Here are the points to check, some of which you have already done:

    1. Check Network Security Group (NSG) Rules: Ensure that the NSG rules associated with the subnet or the network interface of VM1 and VM2 allow ICMP traffic in both directions.
    2. Verify Virtual Network (VNet) Peering Settings: Check the peering settings on both VNets. Ensure that the settings allow forwarded traffic, allow gateway transit, and do not block virtual network access.
    3. Inspect Operating System Firewall Rules: The firewall within the operating system of the VMs might be blocking ICMP traffic. Ensure that the firewall rules within the VMs allow ICMP echo requests and responses.
    4. Examine Effective Routes: Check the effective routes on the network interfaces of VM1 and VM2. The routes should include the address space of the peered VNet.
    5. Test Network Communication: Use the ‘Connection troubleshoot’ feature of Azure Network Watcher to test network communication between VM1 and VM2.
    6. Review VNet Peering Status: The peering status should be ‘Connected’ in both directions.

    After you verify that everything looks done and in place, you can raise a support ticket by following this doc: https://video2.skills-academy.com/en-us/azure/azure-portal/supportability/how-to-create-azure-support-request

    If the information helped address your question, please Accept the answer.

    Luis
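
The peering checks from points 2 and 6 of the answer above, as an added example that is not part of the original answer: a Python script that audits both sides of a peering from JSON shaped like `az network vnet peering list -o json` output. The sample objects, names and IP addresses are constructed, and the gateway-transit pairing check goes slightly beyond the answer's list.

```python
import ipaddress

# Constructed sample: one peering object per side, using the field names of
# `az network vnet peering list -o json`. Names and ranges are invented.
SIDE_1 = {"name": "vnet1-to-vnet2", "peeringState": "Connected",
          "allowVirtualNetworkAccess": True, "allowForwardedTraffic": True,
          "allowGatewayTransit": True, "useRemoteGateways": False,
          "remoteAddressSpace": {"addressPrefixes": ["10.20.0.0/16"]}}
SIDE_2 = {"name": "vnet2-to-vnet1", "peeringState": "Connected",
          "allowVirtualNetworkAccess": True, "allowForwardedTraffic": False,
          "allowGatewayTransit": False, "useRemoteGateways": False,
          "remoteAddressSpace": {"addressPrefixes": ["10.10.0.0/16"]}}


def audit_side(peering, remote_vm_ip):
    """Findings for one side of the peering; remote_vm_ip is the VM it must reach."""
    name, out = peering["name"], []
    state = peering.get("peeringState")
    if state != "Connected":
        out.append(f"{name}: peeringState is {state}, expected Connected")
    if not peering.get("allowVirtualNetworkAccess"):
        out.append(f"{name}: virtual network access is blocked")
    # Matters for traffic that did not originate in the peered VNet itself,
    # for example packets relayed by a gateway or network appliance.
    if not peering.get("allowForwardedTraffic"):
        out.append(f"{name}: forwarded traffic is not allowed")
    prefixes = peering.get("remoteAddressSpace", {}).get("addressPrefixes", [])
    ip = ipaddress.ip_address(remote_vm_ip)
    if not any(ip in ipaddress.ip_network(p) for p in prefixes):
        out.append(f"{name}: {remote_vm_ip} is outside remoteAddressSpace {prefixes}")
    return out


def audit_pair(side_a, vm_a_ip, side_b, vm_b_ip):
    """Audit both directions, plus the gateway-transit pairing across the two sides."""
    out = audit_side(side_a, vm_b_ip) + audit_side(side_b, vm_a_ip)
    for hub, spoke in ((side_a, side_b), (side_b, side_a)):
        if hub.get("allowGatewayTransit") and not spoke.get("useRemoteGateways"):
            out.append(f"{spoke['name']}: useRemoteGateways is off although "
                       f"{hub['name']} offers gateway transit")
    return out


if __name__ == "__main__":
    for finding in audit_pair(SIDE_1, "10.10.1.4", SIDE_2, "10.20.1.4"):
        print(finding)
```

An empty result means the peering objects themselves are consistent, which leaves NSGs, the guest OS firewall and effective routes as the remaining items from the list.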


1 additional answer

  1. 18203024 80 Reputation points
    2024-06-26T16:26:25.24+00:00

    Yes I have tried all the troubleshooting and will be opening a support ticket.
