2 VMs on same subnet behind NVA with UDR

  • Question

  • I have 2 subnets each with one VM behind an NVA and the NVA is in its own subnet.  I have a route table configured with both subnets and a default route all pointing to the NVA IP as the next hop address.  The NVA is forwarding packets between the subnets through the same interface fine and the first VM in each subnet can access the Internet through the NVA.

    When I add a second VM to either subnet the VM can route to the other subnet behind the NVA but it will not route to the NVA for Internet access.  I know it is getting stopped at the Azure transit router before the NVA because I never see traffic from the second VM on the NVA internal interface for Internet access.  If I move the second VM to a new subnet behind the NVA then I can access the other two VMs in the other 2 subnets and I can access the Internet.  I can also access the Internet from 2 VMs inside one subnet if I remove the default route from the route table.  Then of course it is not going through the NVA and instead out the Azure network to the Internet.

    Wednesday, January 15, 2020 3:48 AM

All replies

  • If you have a UDR that sends traffic to your NVA, it is extremely rare for the UDR to not be functioning properly. I would start by making sure that your NVA is properly processing the traffic, and that there is not an issue with one of your subnets, your NVA, and outbound internet access. 

    You can use Azure Network Watcher's IP Flow Verify to check for any routing issues with UDRs and NSGs. 

    Wednesday, January 15, 2020 9:17 PM
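A model of how Azure selects a next hop for the route table described in the question, added here as an example and not part of the original thread: longest prefix match, with a user-defined route winning over a system route for the same prefix. The address ranges, the NVA IP and all helper names are constructed assumptions.

```python
import ipaddress

NVA = "10.0.0.4"  # constructed NVA address
SUBNETS = {"nva": "10.0.0.0/24", "a": "10.0.1.0/24", "b": "10.0.2.0/24"}  # constructed
SYSTEM = [  # default system routes for a 10.0.0.0/16 VNet
    {"prefix": "10.0.0.0/16", "hop": ("VnetLocal", None), "source": "Default"},
    {"prefix": "0.0.0.0/0", "hop": ("Internet", None), "source": "Default"},
]
UDR = [  # route table from the question: both subnets and a default route via the NVA
    {"prefix": "10.0.1.0/24", "hop": ("VirtualAppliance", NVA), "source": "User"},
    {"prefix": "10.0.2.0/24", "hop": ("VirtualAppliance", NVA), "source": "User"},
    {"prefix": "0.0.0.0/0", "hop": ("VirtualAppliance", NVA), "source": "User"},
]
ASSOCIATED = {"a", "b"}  # subnets the route table is attached to
PRIORITY = {"User": 0, "Default": 1}  # same prefix: user-defined beats system


def subnet_of(vm_ip):
    """Return the name of the modelled subnet that contains vm_ip."""
    ip = ipaddress.ip_address(vm_ip)
    for name, cidr in SUBNETS.items():
        if ip in ipaddress.ip_network(cidr):
            return name
    raise ValueError(f"{vm_ip} is not in any modelled subnet")


def next_hop(vm_ip, dest_ip, udr=UDR):
    """Longest-prefix match over system routes plus the source subnet's UDRs."""
    routes = SYSTEM + (udr if subnet_of(vm_ip) in ASSOCIATED else [])
    dest = ipaddress.ip_address(dest_ip)
    matches = [r for r in routes if dest in ipaddress.ip_network(r["prefix"])]
    best = min(matches, key=lambda r: (-ipaddress.ip_network(r["prefix"]).prefixlen,
                                       PRIORITY[r["source"]]))
    return best["hop"]


if __name__ == "__main__":
    for vm in ("10.0.1.4", "10.0.1.5"):  # two VMs in the same subnet
        print(vm, "-> Internet:", next_hop(vm, "203.0.113.10"))
        print(vm, "-> subnet b:", next_hop(vm, "10.0.2.4"))
    no_default = [r for r in UDR if r["prefix"] != "0.0.0.0/0"]
    print("default route removed:", next_hop("10.0.1.5", "203.0.113.10", no_default))
```

The route table is associated with the subnet, so the model returns the same next hop for every VM in it; each NIC's effective routes in Azure can be compared against this expectation.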
  • Hello,


    If you think your question has been answered, please click "Mark as Answer"; if it just helped, click "Vote as helpful". This can be beneficial to other community members reading this forum thread.


    Best regards


    Tuesday, January 28, 2020 7:20 AM