Can't connect Azure VM to local network through VPN tunneling

  • Question

  • I am working from a new Azure account with no services deployed.  My local network is running Windows 2008 R2 servers, one of which is internet facing with a public IP bound to the NIC.  This computer is currently serving as a DirectAccess gateway.  TMG or Forefront UAG is not installed.

    Problem:  After creating an Azure virtual network and deploying a virtual machine to it, the Azure VM is not able to contact my on-premises local network through the VPN tunnel.  Additionally, the Azure VM does not have internet connectivity at all besides RDP in through the .cloudapp.net address provided.

    I followed the guide to setting up site-to-site VPN tunneling through this post:  http://social.msdn.microsoft.com/Forums/en-US/windowsazureconnectivity/thread/dcff0a03-cbee-4f3c-ae95-ac55bb8782db

    Configuration (Azure):  Virtual Network created with Gateway/VPN connection established through 157.56.166.185 (0B IN, 46KB OUT)

    Address space:  192.168.1.0/24

    DNS Server:  LocalDNS  10.1.10.2

    Local network connectivity:  Connect to the local network=yes

    Gateway subnet 192.168.1.0/24

    Local Networks:  10.1.10.0/24

    VPN Gateway Address:  [50.47.xxx.yyy]

    Configuration (Local):

    C:\Windows\system32>netsh advfirewall consec show rule name=all

    Rule Name:                            Azure Virtual Network Tunnel
    ----------------------------------------------------------------------
    Enabled:                              Yes
    Profiles:                             Domain,Private,Public
    Type:                                 Static
    Mode:                                 Tunnel
    LocalTunnelEndpoint:                  50.47.xxx.yyy
    RemoteTunnelEndpoint:                 157.56.166.185
    Endpoint1:                            10.1.10.0/24
    Endpoint2:                            192.168.1.0/24
    Protocol:                             Any
    Action:                               RequireInRequireOut
    Auth1:                                ComputerPSK
    Auth1PSK:                             [hidden]
    MainModeSecMethods:                   DHGroup2-AES128-SHA256,DHGroup2-AES128-SHA1,DHGroup2-3DES-SHA1
    QuickModeSecMethods:                  ESP:SHA1-None+60min+102400000kb,AH:SHA1+60min+100000kb,ESP:SHA1-AES192+60min+102400000kb,ESP:SHA1-AES128+60min+100000kb
    ExemptIPsecProtectedConnections:      No
    ApplyAuthorization:                   No
    Ok.

    I am completely out of ideas on how to make this work, as I've tried this multiple times and no errors exist as far as I can tell.  Also, the hotfix was applied.  Can anyone help me figure this out?

    Thursday, November 1, 2012 4:15 AM

Answers

  • Hello thomasdye,

    Thank you for posting your question here.

    While that isn't an officially supported scenario today, it may still work in some scenarios.

    We would need to get some details and work with you directly on it.

    Please send me an email to iaasforum@microsoft.com along with the following information:
    1. The title of this post in the subject line
    2. Your first and last name and Live ID
    3. A link to this forum post
    4. Your subscription ID
    5. An export of your Virtual Network from the portal (XML file).

    Is your on-premises Windows 2008 R2 server running in a VM or bare metal?

    Thanks,

    -Steve

    Thursday, November 1, 2012 9:37 PM
  • Follow up answer from private troubleshooting:

    Cause: Routing issues on local network prevented traffic from being sent back across Brooklyn connection

    Resolution: Created static route on local DC that referred to appropriate gateway server for traffic destined to cloud network

    Thursday, November 29, 2012 11:46 PM
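
Added example, not part of the original thread: a check of the return path described in the follow-up answer, run over constructed `route print` rows. It shows why replies from an on-premises host leave through the default router until a static route for the Azure address space (192.168.1.0/24) points at the VPN gateway server. The addresses 10.1.10.1 (default router) and 10.1.10.5 (internal address of the gateway server) are assumptions; the thread gives neither.

```python
import ipaddress

# Constructed `route print` IPv4 rows from an on-premises host, before the fix.
# 10.1.10.1 and 10.1.10.5 are hypothetical addresses (not given in the thread).
ROUTES_BEFORE = """\
          0.0.0.0          0.0.0.0        10.1.10.1       10.1.10.2    266
        10.1.10.0    255.255.255.0         On-link        10.1.10.2    266
        127.0.0.0        255.0.0.0         On-link        127.0.0.1    306
"""
# Row that `route -p add 192.168.1.0 mask 255.255.255.0 10.1.10.5` would add.
ROUTES_AFTER = ROUTES_BEFORE + (
    "      192.168.1.0    255.255.255.0        10.1.10.5       10.1.10.2     11\n"
)


def parse_routes(text):
    """Return (network, gateway, metric) for each well-formed table row."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # headers, separators, wrapped rows
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[1]}")
            metric = int(fields[4])
        except ValueError:
            continue
        routes.append((net, fields[2], metric))
    return routes


def next_hop(routes, dest):
    """Most specific matching route wins; lowest metric breaks ties."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))[1]


def return_path_ok(route_text, azure_space, vpn_gateway):
    """True if both ends of the Azure address space route via the VPN gateway."""
    routes = parse_routes(route_text)
    net = ipaddress.ip_network(azure_space)
    return all(next_hop(routes, str(p)) == vpn_gateway for p in (net[1], net[-2]))


if __name__ == "__main__":
    for label, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        print(label, return_path_ok(table, "192.168.1.0/24", "10.1.10.5"))
```
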

All replies

  • Email sent.  I've seen this question asked in one form or another several times, so hopefully we can find some sort of resolution.  My on-premises Windows 2008 R2 server is a VM.
    Friday, November 2, 2012 2:59 AM
  • Got it. We're working on getting you assistance.
    Friday, November 2, 2012 11:11 PM