VPN S2S with RRAS

Question

Hi I have Azure VPN S2S with RRAS 2012 R2 the VPN Established but my problem in the routing.

RRAS Server can't ping any Azure Subnet but Azure Can Ping RRAS internal IP Address.

to be honest i tried this scenario many time and it works perfectly but I don't know what is going on with me in this case.

RRAS Server Virtaul NIC connect to simple switch without any configuration.

RRAS Server Public NIC connected directly to Router.

Thanks,

---

Ahmed Ali

Answer 1

Hi Ahmed,

As you are using 2012 based RRAS server please try the following:

1.        Use the IPSEC monitor console to check if there is a quick mode being established for the azure subnet you are trying to get to.
2.        You could also try to disable windows firewall on these azure and on-prem VMs and check.
3.        You can also try to RDP from a one prem vm to azure to see if that works as well.

Please let us know if this works.

Regards,
Malar.

Answer 2

in CMD/Azure from the machine you're trying to ping/rdp from, run Tracert [azure ip] and see if it's actually hitting your server hosting the vpn. If it's not, run Route Print to see if it's being misdirected from that machine. If not, then if your default gateway has the route, but the route's gateway is on your inside network, it might not allow hairpinning.

If you run Route Add [azure address space] [azure mask] [vpn server ip], are you then able to connect?

Answer 3

I tried all with same result.

---

Ahmed Ali

Answer 4

Hi Ahmed,

If you are unable to find the quick mode there is an issue with the way the Subnets have been defined.
You would have to reconfigure your VPN and check.

You can use the following link for further assistance:
http://msdn.microsoft.com/en-us/library/dn636917.aspx

If this does not work you might have to raise a Technical case for an elaborate investigation of the issue.

Regards,
Malar.