I set up 2 IPSec tunnels between Azure and my local routers, but cannot get to the resources in Azure.

  • Question

  • I set up 2 different tunnels, their state is Connected, but I can't ping any resource in Azure. I suppose it is because I did not set up any routes. I didn't find any information about where and how I need to configure routes. Each tutorial that I found did not mention any route configuration. Can someone help me with this?

    As local routers, in different locations, I use Mikrotik and Fortigate.

    Thursday, September 19, 2019 3:24 PM

All replies

  • Hi, 

    Are you using Azure VPN gateway or any 3rd party NVA to build the tunnel between Azure and On-Premises?

    Based on the above questions, the answer differs.

    If it is Azure VPN gateway, then you will be defining the remote address in the Local Network Gateway, which will be pushed to all the VMs in the VNET by the platform itself.

    If you are using a 3rd party NVA, then you need to add user-defined routes to forward packets from the VMs to your NVA.

    Regards, 

    Msrini

    Thursday, September 19, 2019 9:09 PM
    Moderator
  • I use Azure VPN Gateway. In Local Network Gateway, for example, I set address space 192.168.0.0/24.

    What about routes from my On-Premises location?
    My Virtual network is 10.10.0.0/16, the Gateway Subnet is 10.10.0.0/24, and the subnet for VMs is 10.10.1.0/24. From On-Premises, do I need to add a route only to 10.10.0.0/16 and specify the interface of the IPSec tunnel as the next hop?

    Or do I need to add a route to the Gateway Subnet?

    And do I need to configure additional firewall rules on Azure to connect to VMs from 192.168.0.0/24?

    Friday, September 20, 2019 4:50 AM
  • In On-Premises you need to add only the entire address space of the VNET as the remote address space. 

    You don't need to add any route table in Azure or any firewall rules on Azure to connect to On-Premises. 

    Let me know if you have any further questions. 

    Regards, 

    Msrini

    Friday, September 20, 2019 4:54 AM
    Moderator
  • Thank you.
    Friday, September 20, 2019 6:03 AM
  • Hi, 

    If the above response helped you, please mark it as answer to help other community members. 

    Regards, 

    Msrini

    Friday, September 20, 2019 6:24 AM
    Moderator
  • Fortigate works after I specified the remote and local address in the IPSec tunnel properties.


    With Mikrotik I still have issues; when I find a solution I will post it here.

    Friday, September 20, 2019 6:49 AM
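
The address rule given in the replies above (the on-premises remote side is the entire VNET address space, and the on-premises side is the prefix entered in the Local Network Gateway) can be checked offline before touching a device. This is an added example, not part of any post in the thread; the function name and the second and third device configurations are hypothetical, and the prefixes are the ones quoted in the thread.

```python
import ipaddress

def check_selectors(vnet_space, lng_prefixes, device_local, device_remote):
    """Return a list of problems with one on-premises device's tunnel addresses.

    vnet_space    - address space of the Azure VNET (list of IPv4 CIDRs)
    lng_prefixes  - prefixes entered in the Azure Local Network Gateway
    device_local  - local subnets configured on the on-premises device
    device_remote - remote subnets configured on the on-premises device
    """
    parse = lambda cidrs: [ipaddress.ip_network(c, strict=True) for c in cidrs]
    vnet, lng = parse(vnet_space), parse(lng_prefixes)
    local, remote = parse(device_local), parse(device_remote)
    problems = []

    # The remote side must be the whole VNET address space, not one subnet of it.
    for v in vnet:
        if v not in remote:
            narrower = [str(r) for r in remote if r.subnet_of(v)]
            hint = f" (only narrower {narrower} configured)" if narrower else ""
            problems.append(f"remote side does not list whole VNET {v}{hint}")
    for r in remote:
        if not any(r.subnet_of(v) for v in vnet):
            problems.append(f"remote subnet {r} is outside the VNET address space")

    # Azure only knows the on-premises ranges listed in the Local Network Gateway.
    for l in local:
        if not any(l.subnet_of(p) for p in lng):
            problems.append(f"local subnet {l} is not in the Local Network Gateway")

    # Overlapping ranges on the two sides cannot be routed unambiguously.
    for p in lng:
        for v in vnet:
            if p.overlaps(v):
                problems.append(f"on-premises prefix {p} overlaps VNET {v}")
    return problems

# Values quoted in the thread.
VNET = ["10.10.0.0/16"]
LNG = ["192.168.0.0/24"]

if __name__ == "__main__":
    # Constructed device configurations: (local subnets, remote subnets).
    devices = {
        "site-a": (["192.168.0.0/24"], ["10.10.0.0/16"]),  # matches the advice
        "site-b": (["192.168.0.0/24"], ["10.10.1.0/24"]),  # VM subnet only
        "site-c": (["192.168.1.0/24"], ["10.10.0.0/16"]),  # LAN unknown to Azure
    }
    for name, (loc, rem) in devices.items():
        print(name, check_selectors(VNET, LNG, loc, rem) or "OK")
```
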