This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 9%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
I have the following 3 tasks
1) Configure a Hub and Spoke architecture in Azure
2) Connect Azure and GCP using a VPN
3) Make the Hub and spoke networks/VNets from Azure reachable from GCP
Step 1 is done.
Hub and Spoke connectivity is working. I can ping both spokes from the hub vm VM name --> in-net, VM IP --> 172.29.0.4
in-net:~$ ping 172.30.0.4
PING 172.30.0.4 (172.30.0.4) 56(84) bytes of data.
64 bytes from 172.30.0.4: icmp_seq=1 ttl=64 time=2.25 ms
64 bytes from 172.30.0.4: icmp_seq=2 ttl=64 time=1.77 ms
in-net:~$ ping 172.31.2.4
PING 172.31.2.4 (172.31.2.4) 56(84) bytes of data.
64 bytes from 172.31.2.4: icmp_seq=1 ttl=64 time=2.81 ms
64 bytes from 172.31.2.4: icmp_seq=2 ttl=64 time=1.61 ms
Step 2 is done. A Classic VPN from GCP and a Virtual Network Gateway from Azure are configured. A local network gateway and a connection are created in Azure too.
From GCP VM (instance-1, 10.10.0.2) I can ping HUB VNet's VM
instance-1:~$ ping 172.29.0.4
PING 172.29.0.4 (172.29.0.4) 56(84) bytes of data.
64 bytes from 172.29.0.4: icmp_seq=1 ttl=63 time=13.2 ms
64 bytes from 172.29.0.4: icmp_seq=2 ttl=63 time=10.8 ms
and from HUB VNet's VM, I can ping GCP VM
ping 10.10.0.2
PING 10.10.0.2 (10.10.0.2) 56(84) bytes of data.
64 bytes from 10.10.0.2: icmp_seq=1 ttl=63 time=14.1 ms
64 bytes from 10.10.0.2: icmp_seq=2 ttl=63 time=10.8 ms
But when I try to ping the spoke VM IPs from GCP, I cannot
instance-1:~$ ping 172.30.0.4
PING 172.30.0.4 (172.30.0.4) 56(84) bytes of data.
^C
\--- 172.30.0.4 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2050ms
instance-1:~$ ping 172.31.2.4
PING 172.31.2.4 (172.31.2.4) 56(84) bytes of data.
^C
\--- 172.31.2.4 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2050ms
Although on GCP side, the routes are configures to use the VPN to reach Azure spoke networks.
Is there something missing from a config perspective ?
you need allow gateway transit
Use this option on vnet-peering
Get in touch if you need more help with this issue.
--please don't forget to Accept as answer if the reply is helpful--
It seems that everything is ok, the ping goes to the GSP, make sure the NSG and windows Firewall rules allowing inbound from the 10.10.0.0/16 network.
if everything is ok with the firewall rules,
send an image of the routing table of the networks in azure.
Get in touch if you need more help with this issue.
--please don't forget to Accept as answer if the reply is helpful--
I already know what happened, you need allow gateway transit
When you configure vnet-peering you need to add the option use virtual network gateway
Get in touch if you need more help with this issue.
--please don't forget to Accept as answer if the reply is helpful--
Thanks for your reply. Below you can find the FW rules applicable on one of the Spoke VMs
It allows all traffic from GCP's VPC IP range.
Can you guide me as to how to see the routing table for a network ?
Also I cannot ping the GCP VM from a spoke VM
im-in-test-node:~$ ping 10.10.0.2
PING 10.10.0.2 (10.10.0.2) 56(84) bytes of data.
^C
\--- 10.10.0.2 ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5112ms
Azure portal -> Vnet -> networking -> select network interface -> on left size click in effective routes
As part of my Local Gateway Network in Azure, I have added the GCP IP range as the "Address Space(s)"
On virtual network gateway, can you send the Packet capture (option under support, option gateway packet capture)
After start capture, make a ping test to see the packet inboud.
Get in touch if you need more help with this issue.
--please don't forget to Accept as answer if the reply is helpful--