Azure to onprem issue

Alex Kline 0 Reputation points
2024-09-11T22:44:50.26+00:00

Hello,

We are attempting to troubleshoot connection from Azure to onprem over site-to-site VPN. We are able to ping and connect to instances from onprem to azure but not the other way around.

  • Onprem -> s2s -> Azure (works)
    • both ping and rdp work
  • Azure -> s2s -> onprem (doesn't work)
    • both ping and rdp don't work

What we've checked/tried:

  • VM NIC NSG has ICMP and RDP rules (inbound and outbound)
    • tried removing the NSG from the VM NIC, no difference
  • ICMP rules on the VM firewall are enabled (inbound and outbound)
  • Confirm VM NIC effective routes are correct
  • Onprem address spaces are listed on local gateway
  • No NSG on VM subnet or Gateway subnet
  • tracert from azure vm to onprem times out, no hops
  • Confirmed our local firewall has an inbound policy to allow connections from azure over s2s vpn

Are there any good resources to further diagnose traffic routing in Azure, to ensure it's making it to the VPN gateway or subnet at the very least? It does seem weird that tracert isn't reporting at least a hop to the VPN virtual gateway.

Any thoughts or guidance would be most appreciated! Happy to provide any additional details.

Thanks in advance!
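An Azure-side routing check for the situation described in the question, added here as an example and not part of the thread: it takes the JSON that `az network nic show-effective-route-table` returns for the VM's NIC (the sample below is constructed, and the field names are assumed to follow that command's output) and reports which route the fabric would pick for an on-prem address, so a missing local network gateway prefix, an overriding UDR, or an Invalid route shows up before you look at the tunnel or the on-prem firewall.

```python
import ipaddress
import json

# Constructed sample shaped like `az network nic show-effective-route-table` output
# (field names are an assumption about that command; the values are made up).
SAMPLE_EFFECTIVE_ROUTES = json.dumps({"value": [
    {"addressPrefix": ["10.1.0.0/16"], "nextHopType": "VnetLocal",
     "nextHopIpAddress": [], "source": "Default", "state": "Active"},
    {"addressPrefix": ["0.0.0.0/0"], "nextHopType": "Internet",
     "nextHopIpAddress": [], "source": "Default", "state": "Active"},
    # Learned from the VPN gateway: the local network gateway's address space
    {"addressPrefix": ["192.168.0.0/16"], "nextHopType": "VirtualNetworkGateway",
     "nextHopIpAddress": [], "source": "VirtualNetworkGateway", "state": "Active"},
    # A user-defined route that pulls part of the on-prem range to an NVA
    {"addressPrefix": ["192.168.10.0/24"], "nextHopType": "VirtualAppliance",
     "nextHopIpAddress": ["10.1.5.4"], "source": "User", "state": "Active"},
    # An Invalid route is listed but never used by the fabric
    {"addressPrefix": ["192.168.20.0/24"], "nextHopType": "None",
     "nextHopIpAddress": [], "source": "User", "state": "Invalid"},
]})


def select_route(routes, destination):
    """Longest-prefix match over Active routes, as the Azure fabric does."""
    dst = ipaddress.ip_address(destination)
    best = None
    for route in routes:
        if route.get("state") != "Active":
            continue
        for prefix in route["addressPrefix"]:
            net = ipaddress.ip_network(prefix, strict=False)
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, route)
    return best


def check_onprem_path(effective_routes_json, destination):
    """Report whether traffic to an on-prem address would reach the VPN gateway."""
    match = select_route(json.loads(effective_routes_json)["value"], destination)
    if match is None:
        return {"status": "NO_ROUTE", "prefix": None, "nextHopType": None, "nextHopIp": None}
    net, route = match
    hop = route["nextHopType"]
    # OK = S2S tunnel; DIVERTED = a UDR sends it to an NVA first; BLACKHOLE = dropped;
    # WRONG_HOP (e.g. Internet) usually means the prefix is missing on the local network gateway.
    status = {"VirtualNetworkGateway": "OK", "VirtualAppliance": "DIVERTED",
              "None": "BLACKHOLE"}.get(hop, "WRONG_HOP")
    return {"status": status, "prefix": str(net), "nextHopType": hop,
            "nextHopIp": (route["nextHopIpAddress"] or [None])[0]}


if __name__ == "__main__":
    for ip in ("192.168.5.10", "192.168.10.7", "192.168.20.7", "172.16.0.1"):
        print(ip, check_onprem_path(SAMPLE_EFFECTIVE_ROUTES, ip))
```

Feed it a saved `az network nic show-effective-route-table -g <rg> -n <nic> -o json`; an OK result means the VM's routing is fine and the fault lies further along, in the gateway, the tunnel or the on-prem side.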

Azure VPN Gateway

1 answer

  1. Sai Prasanna Sinde (Quadrant Resource LLC) 95 Reputation points Microsoft Vendor
    2024-09-13T16:57:12.55+00:00

    Hi @Alex Kline,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    As an original poster cannot accept their own answer, I am reposting it so that you can accept it as an answer. An accepted answer will help other community members navigate to the appropriate solutions.

    Issue: Azure to on-premises connection issue

    Solution: The problem was a missing policy on the on-premises firewall allowing traffic from Azure to on-premises. Once the policy was created, OP could connect and ping from Azure to on-prem resources.

    Please remember to "Accept Answer" and "Upvote it" so that others in the community who are experiencing similar challenges can easily find a solution.

    Your contribution is greatly appreciated.

    Thanks,

    Sai Prasanna.

