Tags: azure, azure-virtual-machine, azure-virtual-network, azure-vpn

On-premises connectivity issue from Azure (using site-to-site connectivity)


I recently bought an Azure subscription and have created a site-to-site VPN connection between the Azure network and the enterprise network. The connectivity shows as successful in the virtual network dashboard and in the enterprise VPN gateway logs. We have configured the virtual address space and the on-premises local network as shown at the bottom.

Issue

  • The connectivity between Azure and the enterprise network shows successful in the dashboard, but when we try reaching the enterprise IP 116.197.178.5 we are unable to reach it; tried via nmap, ssh, etc.

  • From the (Ubuntu Linux) VM we are able to reach the internet but have issues with the enterprise connectivity.

  • The same configuration was working in March 2014 when we tried using the free Azure trial account. It looks like there has been a change in Azure services sometime during March 2014.

  • I don't see any way to debug this issue.

  • I followed the doc on the MSDN site (Configure a Site-to-Site VPN in the Management Portal).

Help

  • Can someone tell me whether I'm doing anything wrong?

  • Is there a way I can debug this issue?

Device Route info

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.2.1.1        0.0.0.0         UG    0      0        0 eth0
default         10.2.1.1        0.0.0.0         UG    100    0        0 eth0
10.2.1.0        *               255.255.255.0   U     0      0        0 eth0

Local network

  <LocalNetworkSite name="EnterpriseNetwork">
    <AddressSpace>
      <AddressPrefix>10.1.0.0/16</AddressPrefix>
    </AddressSpace>
    <VPNGatewayAddress>xxx.197.179.249</VPNGatewayAddress>
  </LocalNetworkSite>

Virtual network

  <VirtualNetworkSite name="Azure-network" Location="Southeast Asia">
    <AddressSpace>
      <AddressPrefix>10.2.0.0/16</AddressPrefix>
    </AddressSpace>
    <Subnets>
      <Subnet name="FrontEndSubnet">
        <AddressPrefix>10.2.0.0/24</AddressPrefix>
      </Subnet>
      <Subnet name="BackEndSubnet">
        <AddressPrefix>10.2.1.0/24</AddressPrefix>
      </Subnet>
      <Subnet name="ADDNSSubnet">
        <AddressPrefix>10.2.2.0/23</AddressPrefix>
      </Subnet>
      <Subnet name="GatewaySubnet">
        <AddressPrefix>10.2.4.0/29</AddressPrefix>
      </Subnet>
    </Subnets>
    <DnsServersRef>
      <DnsServerRef name="GoogleDNS" />
    </DnsServersRef>
    <Gateway>
      <ConnectionsToLocalNetwork>
        <LocalNetworkSiteRef name="EnterpriseNetwork">
          <Connection type="IPsec" />
        </LocalNetworkSiteRef>
      </ConnectionsToLocalNetwork>
    </Gateway>
  </VirtualNetworkSite>

Solution

  • Rosh,

    The IP 116.197.178.5 is a public IP address and should be routed via the internet connections on your VMs (assuming you haven't hardcoded the route table otherwise).

    Your private on-premises network is 10.2.0.0/24 and would be the only range that should be routed via your VPN (again, assuming you haven't played with the route tables on your Azure VMs).

    It sounds like you might be trying to route traffic to 116.197.178.5 via your VPN connection which would require you to hardcode the route to be via your local VPN gateway (and not the one to the Internet).

    Hope this makes sense. Simon.
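A small check of the routing logic in the answer, added here as an example (it is not code from the question or the answer): it parses address spaces out of the same LocalNetworkSite/VirtualNetworkSite XML shape quoted in the question, flags an overlap between the two sides, and classifies where traffic from an Azure VM to a given destination should go. The NetworkConfiguration wrapper element, the path labels and the sample destinations are my own assumptions; the XML sample is constructed from the values in the post.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample built from the two network definitions in the question.
# The NetworkConfiguration wrapper is assumed; the gateway address keeps the
# masked placeholder from the post.
NETCFG_XML = """
<NetworkConfiguration>
  <LocalNetworkSite name="EnterpriseNetwork">
    <AddressSpace><AddressPrefix>10.1.0.0/16</AddressPrefix></AddressSpace>
    <VPNGatewayAddress>xxx.197.179.249</VPNGatewayAddress>
  </LocalNetworkSite>
  <VirtualNetworkSite name="Azure-network" Location="Southeast Asia">
    <AddressSpace><AddressPrefix>10.2.0.0/16</AddressPrefix></AddressSpace>
  </VirtualNetworkSite>
</NetworkConfiguration>
"""


def load_address_spaces(xml_text):
    """Return (local_prefixes, vnet_prefixes) as ip_network objects."""
    root = ET.fromstring(xml_text)
    local = [ipaddress.ip_network(p.text)
             for p in root.findall("./LocalNetworkSite/AddressSpace/AddressPrefix")]
    vnet = [ipaddress.ip_network(p.text)
            for p in root.findall("./VirtualNetworkSite/AddressSpace/AddressPrefix")]
    return local, vnet


def overlapping_prefixes(local, vnet):
    """Overlap between on-premises and VNet ranges breaks site-to-site routing."""
    return [(l, v) for l in local for v in vnet if l.overlaps(v)]


def expected_path(dst, local, vnet):
    """Classify the path a VM's traffic to dst takes, following the answer's logic:
    only the declared on-premises range rides the tunnel; public IPs go out
    via the Internet. Labels are this example's own."""
    ip = ipaddress.ip_address(dst)
    if any(ip in v for v in vnet):
        return "vnet"                # stays inside the virtual network
    if any(ip in l for l in local):
        return "vpn"                 # matches LocalNetworkSite: IPsec tunnel
    if ip.is_private:
        return "undeclared-private"  # RFC1918 but on neither side: nothing carries it
    return "internet"                # public address: leaves via the default route


if __name__ == "__main__":
    local, vnet = load_address_spaces(NETCFG_XML)
    print("overlap:", overlapping_prefixes(local, vnet))
    for d in ("116.197.178.5", "10.1.20.7", "10.2.1.4", "192.168.1.10"):
        print(d, "->", expected_path(d, local, vnet))
```

Running it shows 116.197.178.5 classified as "internet", which is the answer's point: that address is never a tunnel destination under this configuration.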