Creating a SiteToSite connection with Azure.

  • Question

  • Hello,

    I have created my first SiteToSite connection with Azure environment and my Onpremise network. Apparently, all is working fine (the status connection is "connected"). Well, if I try to do a ping from AzureVM to my VPN-Onpremise-Server, the request is ok, but I can't see any other device of my LAN. Also, if I try to do an RDP connection from VPN-Onpremise-Server to AzureVM, I can't reach it, but from the Azure portal, I can establish an RDP connection to the VM. Any suggestions?

    Thanks in advance.

    Thursday, October 25, 2018 8:48 PM

Answers

  • If you are able to reach the VM from the Public IP, but unable to reach it from your S2S VPN, the likely cause is that traffic is being blocked. 

    To start, check routes, Azure NSGs, as well as on-premise firewalls to make sure that traffic is not being blocked, and can properly flow on port 3389 to your Azure VMs. 

    Next, make sure that you can establish a TCP connection to your VM from your on-premise environment. You can use PSPing or any other TCP ping test.

    If you are able to reach your VM with a TCP connection but cannot RDP, then the issue is likely with your VM.

    Friday, October 26, 2018 7:53 PM
  • I would suggest the below 

    > telnet to Azure VM private IP over 3389

    If telnet works, stop and start the VM from Azure portal or a redeploy should fix any issues with the VM. 

    If telnet doesn't work, it's an issue with the network. Most probably, subnet advertisement. On Azure LNG mention your premises network range. On your premises gateway mention Azure IP address range.

    Don't forget to mark this as an answer !!

    Thanks.

    • Marked as answer by Jcases Monday, October 29, 2018 8:35 AM
    Sunday, October 28, 2018 2:46 PM
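
The checks suggested in the two answers above, combined into one script as an added example that is not part of the original thread: it verifies that each side's configured address ranges cover the other side's host, then runs a TCP connect test to port 3389. The function names are hypothetical and every address and prefix is a constructed sample value.

```python
import ipaddress
import socket

def covered(ip, prefixes):
    """True if ip falls inside any of the given CIDR prefixes."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(p, strict=False) for p in prefixes)

def tcp_open(host, port, timeout=3.0):
    """Plain TCP connect, the same test as telnet or a TCP ping to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(onprem_host, azure_vm, lng_prefixes, onprem_remote_prefixes,
             port=3389, probe=tcp_open):
    """Run the thread's checks in order; return the first layer that fails."""
    if not covered(onprem_host, lng_prefixes):
        return "azure-lng: host is outside the local network gateway address space"
    if not covered(azure_vm, onprem_remote_prefixes):
        return "onprem-gateway: VM is outside the Azure ranges set on the on-premises device"
    if not probe(azure_vm, port):
        return "blocked: ranges match but TCP fails; check routes, NSGs, firewalls"
    return "vm: TCP connects; if RDP still fails, restart or redeploy the VM"

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    lng = ["192.168.1.10/32"]        # LNG lists only the VPN server
    remote = ["10.1.0.0/16"]         # Azure VNet range on the on-premises gateway
    vm = "10.1.0.4"                  # Azure VM private IP
    for host in ("192.168.1.10", "192.168.1.50"):
        print(host, "->", diagnose(host, vm, lng, remote))
```

Run it from the on-premises machine that cannot reach the VM, since the TCP probe is made from wherever the script executes.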

All replies

  • Hello Again,

    I decided to start from scratch and I have created again the Azure configuration on the portal. I think that the Azure side is fine but my question now is, with a router (Dlink-DSR 250n), which is not included on the list of compatible VPN devices (https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices), can I create manually the connection against my Azure Portal?

    Thanks in advance.

    Wednesday, October 31, 2018 5:38 PM
  • Yes possible !!

    You can use any router to establish an S2S tunnel with Azure. The listed devices are tested and validated for seamless connectivity.

    Check the below configuration for non-validated devices 

    https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices#additionaldevices

    Thanks.

    Sunday, November 11, 2018 4:34 PM