Gateway Subnet does not allow me to create a subnet with current subnets avaiable RRS feed

  • Question

  • Hello , 

    I am getting the following error when trying to make a gateway subnet for a VPN connection to our local environment. 

    "Your subnet is not contained within the address space for this virtual network:,"

    The documentation doesn't clearly explain what info it is looking for it just tells me to enter in an address range. Only two subnets I have for my production environment is shown in the above error.

    Thank you,

    Bryan Hull

    Friday, January 27, 2017 8:42 PM

All replies

  • Hi Bryan,

    What are your Virtual Network address prefixes? ( and

    Did you create any subnets in the ranges already? And what address prefix did you try for the GatewaySubnet?

    Basically, the GatewaySubnet must be in the virtual network range, but cannot overlap with any existing subnets.



    • Proposed as answer by Cloud_Crusader Sunday, January 29, 2017 11:43 AM
    Friday, January 27, 2017 9:25 PM
  • Hello Yushun, 

    Your second sentence gave me the info I need. I had to create a second address space in the Vnet settings (virtual network range) for the gateway subnet to tap into. I though it could use a created subnet that has no VMs on it. 

    I now have the connection working successfully going to my Ubiquity gateway but I'm not able to ping or reach anything from one side to the other both from locally to azure and from azure to local environment. Do I have to setup a DNS server to point records from one environment to the other. 

    Thank you, 

    Bryan Hull

    Sunday, January 29, 2017 1:01 AM
  • Hi Bryan,

    If you just ping using IP addresses, (e.g., something like "ping"), then DNS server is not required to make this work. If the IPsec VPN tunnel is showing "up" from both Azure and also your on premises VPN device, then you should check a couple of things: (these are the usual stuff, just to make sure the obvious points are covered)

    1. The routing on your side is setup correctly, where the packets will go to your on premises VPN device for the destination IP address(es) in your Azure Virtual Network. You also should have the routes or access list setup correctly on your VPN device.
    2. The firewall on the VMs and also the Network Security Group you have associated with your Azure VMs (both the subnet and the NIC) must allow the ping packets from your on premises IP ranges
    3. The source IP address(es) of your on premises systems must be part of the "Local Network Gateway" address prefixes that you defined.

    If all these are fine and you still could not get ping working, my recommendation is to open a Support Request because more information is needed to look into the issue in details.



    Tuesday, January 31, 2017 12:22 AM