none
VPN Gateway connection status shows "Succeeded" then "Not Connected" RRS feed

  • Question

  • From: Nilesh Maheshwari @binaninilesh_p via Twitter

    Hi There, We are facing issue with VPN Gateway on AZURE. The virtual network gateway connection status shows 'Succeeded' one moment and then says 'Not connected' and it keeps changing that wayAlso, I am on Mac and cannot use PowerShell ... whatever resources I found online to test the setup was all using PowerShell

    Thanks

    @AzureSupport

    Wednesday, July 20, 2016 5:54 PM

All replies

  • Also, I am unable to delete the connection created between virtual gateway network and the virtual local network ...

    Any insights on how to debug this will be really helpful.

    Wednesday, July 20, 2016 7:30 PM
  • Also, I downloaded the network troubleshooting package from here: https://support.microsoft.com/en-us/kb/2996010

    However, it is unable to recognize the virtual network gateway and keeps telling me that no virtual network gateway exists in the virtual network. This isn't true as the virtual network gateway has been deployed ...

    Am I missing anything or doing anything wrong?

    Thursday, July 21, 2016 6:48 AM
  • Hello Nilesh,

    Thank you for posting on the Microsoft Azure forums!

    To begin with are you using a P2S VPN or a S2S VPN. By your description I am guessing this is a Site-to-Site!

    Anyway. How did you create the VPN connection to begin with? Were you able to see the connection type as 'Connected' before or has it been in the 'Not Connected' status from the time you have created it?

    Which deployment mode is it. Classic or Resource Manager?

    When you use the Virtual Network troubleshooting package it needs to have a gateway connection active to detect and troubleshoot issues. Since the Gateway is not in the Connected state this will not initiate. Also, if it is a S2S VPN configuration, you have to make sure that your on-prem VPN devices address space is added into the VNet local network to tell the VNet that these are the allowed set of IPs which can establish a private connection. I would need to know how this VPN configuration was deployed in the first place to assist you further.

    Appreciate your time.

    Regards,

    Loydon

    Thursday, July 21, 2016 2:35 PM
  • Hi Loydon,

    Thanks for your reply and looking into this. Here are the answers to your questions:

    1) It is a site-to-site VPN configuration.

    2) The status of the connection never showed as 'Connected'. However, it occasionally showed 'Succeeded' and then showed 'Not connected'. I haven't seen 'Connected' so far. Also, I followed the instruction on this blog to create the s2s VPN connectivity:

    https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-howto-site-to-site-resource-manager-portal/

    3) It was deployed using the new portal.

    Is specifying IP address range on the local network mandatory? I have not specified that as it did not seem to be mandatory. Pls let me know.

    Regards,

    Nilesh

    Thursday, July 21, 2016 3:44 PM
  • I'm pretty sure it's mandatory, try putting in a broad range for your subnet, like if the PC you're connecting from is 192.168.1.x just put in 192.168.1.0/24. It should show connected right away if your settings match and you configured your firewall correctly with the right settings and pre shared key.
    • Proposed as answer by vijisankar Friday, July 22, 2016 4:23 AM
    Thursday, July 21, 2016 4:56 PM
  • Hello

    Check both connections have the correct virtual network gateways. & Check the pre-shared keys on both connections.

    verify TTL settings for both IPSec phases. Azure and your appliance must have the same values, it has to match Azure

    for configuration you can refer the below links :

    https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-about-vpn-devices/

    https://campus.barracuda.com/product/nextgenfirewallx/article/NGX/ConfigAzureVPNGateway/

    https://ranjanajain.wordpress.com/2016/03/03/quick-n-easy-vnet-to-vnet-vpn-from-new-azure-portal-using-gui/

    Hope this helps you 

    Let me know if you need further assistance on this.

    Thanks & Regards

    Vijisankar.

    ____________________________________________________________________________________________
    If a post answers your question, please click Mark As Answer on that post and Vote as Helpful.

    Disclaimer: This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.

    • Proposed as answer by vijisankar Friday, July 22, 2016 4:23 AM
    Friday, July 22, 2016 4:23 AM
  • Hi Nilesh,

    A couple of things to note:

    1. The Portal status is a known issue. We will work with the Portal team to show the correct status.

    2. You must specify address prefix(es) for the local network gateway. Those prefixes represent the on premises ranges that Azure virtual network and gateway will route the traffic via VPN gateway and tunnels.

    3. If you simply could not connect, please open a support request from Azure Portal. Our support team is pretty good in assisting customers on VPN issues.

    Thanks,

    Yushun [MSFT]

    Thursday, February 23, 2017 9:17 PM
  • Hi Yushun,

    I have the same issue but the support team recommends to contact Cisco for support!!

    Monday, March 26, 2018 9:17 PM