Site to Site Connect Error.

Question

Hello,

I got an issue with azure vpn setting.
Our windows 2008 R2 vm in azure can not ping to gateway ip on azure virtual network.

1. The title of this post in the subject line : Unable to connect to new linux VMs
2. Your first and last name : SungBae.Han
3. Even after doing configuration as per the link below
https://www.windowsazure.com/en-us/manage/services/networking/cross-premises-connectivity/

4. Your Subscription Id : a497cbd9-7492-494f-88be-9b687287e9df
5. Deployment Id : 47a55325f18149a9bf011cb89b04f705

6. VPN Device Info : Cisco ISR 14.0

7. On-Premises Client IP Area

203.246.128.0
255.255.224.0

8. the step of the problem has occurred

1) Set a Virtual Network in Azure

[ Address Space ]

Address Space : 10.24.0.0/16

[ Subnets ]

FrontEndSubnet : 10.24.2.0/24
BackEndSubnet : 10.24.3.0/24
ADDNSSubnet : 10.24.4.0/24

GatewaySubnet : 10.24.1.0/24

2) Makle Windows 2008 R2 VM from Gallary.

VM : 10.24.2.4

3) Connect VM terminal console, and route print on command console.

gateway ip : 10.24.2.1

So i try to ping gateway ip, but it can't.
tracert command is same.

-------------------------------------

Still, my vm can not connect on-premises site in vpn.
First, my vm can not ping to gateway in azure.

how can i do it?

Regards,

Answer 1

Hello SungBae,

Thank you for using Windows Azre and the detailed information in your post.

The first thing you should know is that Virtual Network routers/gateways do not respond to ICMP so this significantly reduces the effectiveness of tracert and ping as test tools. However, ICMP does get routed so other hosts can still respond to it as long as the host firewall allows it (Windows blocks it by default too).

What is the status of the Gateway in the Portal? Does the Portal say it is "Connected"? Since, you already proceeded to test the connectivity, I'm assuming that your gateway is in the "Connected" state. If so, the most common problem is either routing or firewall. Make sure that your on-premises network address space is listed correctly as a "Local Network" in the Portal. This informs the portal to send that traffic across the tunnel. Similarly, make sure that your on-premises hardware is aware of your Windows Azure address space.

Or is the gateway status "Connecting"? This is most likely a configuration problem on the VPN device. Often a setting was overlooked or another policy is taking precedence over this connection.

Let me know the state of Gateway and with that I can give you more detailed guidance.

-Steve Espinosa

Answer 2

Dear Steve Espinosa,

Ref.URL : http://social.msdn.microsoft.com/Forums/ko-kr/azureko/thread/06c9c32e-b4b4-494c-b10a-b2da5fd1de4d

in the VPN detail information screen, Gateway is not show problem.

just can not connect Gateway to VPN.

in the VPN section status is "connecting".

Then is it maybe problem from vpn configuration or on-premises configuration of security environment ?

Regards,

------------------

Append...

in the Virtual Network Detail screen, show event message...

"Last Gateway EventThe connectivity state for the local network site hjpocHQ changed from Initializing to Connecting. 9/24/2012 9:48:11 AM"