This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 19%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJJ%3C/text%3E%3C/svg%3E)
Cannot ping on-prem servers on other side of on-prem RRAS server from Azure vms over S2S VPN.
I can ping the RRAS server fine from Azure vms, but not other servers beyond it. I have a static route set on the on-prem RRAS server (a dedicated W2019 server) which allows for communication from Azure vms to on-prem servers, but the on-prem servers cannot respond. The NIC of the RRAS server is 172.1.1.9 (connected to the on-prem network).
Firewall rules are okay. What did I not do?
Shouldn't need the static route.
https://www.dell.com/support/kbdoc/en-us/000118763/configuring-windows-server-2012-r2-as-a-router
here's one I used a while back (but not anything to do with azure)
--please don't forget to upvote and Accept as answer if the reply is helpful--
Just checking if there's any progress or updates?
--please don't forget to upvote and Accept as answer if the reply is helpful--
Just checking if there's any progress or updates?
--please don't forget to upvote and Accept as answer if the reply is helpful--
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELT%3C/text%3E%3C/svg%3E)
Hello there,
If Ping fails. It can be for many reasons, you can check your on-premise VPN device the tunnel is up and running or not, but probably you need to check the Azure VPN gateway status. If this is also running fine then we need to dig more into it and will have to pull logs to verify and everything.
And if possible, could you check by disabling your security appliance and connecting your on-premise to your Azure VNet directly using S2S. Also, though ICMP should work while connected via a VPN Gateway, it is suggested to use port pings instead of ICMP to test Azure VM connectivity.
Also, you can check whether the Local network is defined properly.
-------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept it as an answer–
Hi,
I would suggest you to check if the Site to site is UP. If the tunnel is UP, then initiate ping and perform a packet capture on both ends and see if the ping is even reaching the other end. If it does and response is not reaching Azure, then check the Rras routing.
If it's other way around that ping is dropping at Azure side, then check the effective routes of your VM and see if you can find the on-Prem routes to VPN gateway.
Regards,
Karthik Srinivas