I've successfully set up a VPN tunnel between my on-premises site and Azure for a while now, and I can connect to a VM in Azure without any problems. However, I'm trying to connect from a different VLAN on my on-premises network to the same VM in Azure, but I'm running into issues. I've added the address space for this new VLAN to the Local Network Gateway in Azure, but it's still not working.
I can't ping from the Azure VM to any VM in the new on-prem VLAN, although I can ping other on-prem VMs from the Azure VM that are in the original IP scope. The same problem occurs when trying to send traffic from on-prem to Azure; it works for the original scope but not for the new VLAN. I've checked the local firewall, and I don't see anything blocking the traffic, as pings from the new VLAN to Azure are going through the same tunnel as those from the original VLAN and are being allowed.
I feel like I'm missing something here. The routes on my on-prem firewall seem correct. Any insights on what else I could check?
4 Answers
It sounds like you've done the basics, like adding the new VLAN address to the Local Network Gateway. Are you checking if there's a Network Security Group (NSG) or firewall on the Azure VM that could be affecting traffic? Make sure the VMs are in the same virtual network as the VPN Gateway or a peered one. Also, double-check that your on-prem firewall has all the correct routes and allow rules set up.
In my experience, Azure doesn’t create Route Tables automatically. You might need to create one and associate it with the subnets where your Azure resources are located. Make sure your new VMs have IP Forwarding enabled too, as that could be blocking responses. Adding a temporary ACCEPT ALL rule on the security group might help you identify if that's the issue.
Just a heads up, I’m starting to think this might actually be a firewall issue after all. I've been doing more testing and now I'm seeing traffic in the on-prem firewall logs, which is a good sign!
You might want to perform a tcpdump on the receiving Azure VM to see if the ICMP traffic is actually reaching it. This can help pinpoint if the issue is on the Azure side or if it’s an on-prem firewall problem.
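Before going to packet captures, it is worth ruling out the cheapest Azure-side mistake: the Local Network Gateway's address prefixes not actually covering the new VLAN (a typo in the mask, or a prefix that overlaps the VNet's own address space, which Azure does not allow and which would keep that traffic inside the VNet instead of sending it into the tunnel). The script below is an added example and not code from the thread; all addresses in it are constructed placeholders, and the only assumption is that you paste in the prefixes shown by `az network local-gateway show --query localNetworkAddressSpace.addressPrefixes` and the VNet address space.

```python
"""Offline sanity check of Azure Local Network Gateway (LNG) prefixes.

Added example for this thread, not code posted by anyone in it.
All addresses used below are constructed placeholders.
"""
import ipaddress


def check_lng_coverage(lng_prefixes, onprem_vlans, vnet_space):
    """Compare LNG prefixes against the on-prem VLANs that need the tunnel.

    Returns a dict with:
      "covered":             {vlan: True/False}  -- is the VLAN inside some LNG prefix?
      "lng_overlapping_vnet": [prefix, ...]     -- LNG prefixes that overlap the VNet
                                                  address space (Azure rejects these,
                                                  and such traffic would never enter
                                                  the tunnel anyway)
    """
    lng = [ipaddress.ip_network(p, strict=False) for p in lng_prefixes]
    vnet = [ipaddress.ip_network(p, strict=False) for p in vnet_space]

    covered = {}
    for vlan in onprem_vlans:
        net = ipaddress.ip_network(vlan, strict=False)
        # subnet_of() raises on mixed IPv4/IPv6, so only compare same-version prefixes.
        covered[vlan] = any(
            net.subnet_of(p) for p in lng if p.version == net.version
        )

    overlapping = [
        str(p)
        for p in lng
        if any(p.overlaps(v) for v in vnet if v.version == p.version)
    ]
    return {"covered": covered, "lng_overlapping_vnet": overlapping}


def missing_prefixes(result):
    """Convenience: list the on-prem VLANs the LNG does not cover."""
    return [vlan for vlan, ok in result["covered"].items() if not ok]


if __name__ == "__main__":
    # Constructed example: original scope 10.10.0.0/24 works, new VLAN 10.10.2.0/24
    # was "added" as 10.10.1.0/24 by mistake, VNet lives in 10.20.0.0/16.
    lng_prefixes = ["10.10.0.0/24", "10.10.1.0/24"]
    onprem_vlans = ["10.10.0.0/24", "10.10.2.0/24"]
    vnet_space = ["10.20.0.0/16"]

    result = check_lng_coverage(lng_prefixes, onprem_vlans, vnet_space)
    for vlan, ok in result["covered"].items():
        print(f"{vlan}: {'covered' if ok else 'NOT covered by any LNG prefix'}")
    if result["lng_overlapping_vnet"]:
        print("LNG prefixes overlapping the VNet:", result["lng_overlapping_vnet"])
    print("missing:", missing_prefixes(result))
```

If a VLAN shows up as not covered, the tunnel is behaving correctly and the fix is on the LNG; only once both sides' address lists agree does it make sense to move on to NSG effective rules and a tcpdump on the VM.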
