Cannot ICMP or route to any subnets from on premises through ExpressRoute

Gamal Joseph 0 Reputation points
2024-09-05T15:31:03.0033333+00:00

We have a connection from our on-prem data center to Azure using ExpressRoute. I can ping the peer IP address and see the neighbor from the on-premises router using #sh ip bgp neighbor and #sh ip bgp summary. I am trying to ping a VM in a created subnet and am unable to. When I run #traceroute 10.100.0.132 (the VM IP), it traverses to the private IP address on the Azure side and stops. We never get to the gateway IP 10.100.0.0/16 and never get to the VM IP. Is there something I forgot to add?

Azure ExpressRoute
An Azure service that provides private connections between Azure datacenters and infrastructure, either on premises or in a colocation environment.

1 answer

  1. Ganesh Patapati 810 Reputation points Microsoft Vendor
    2024-09-06T13:20:40.94+00:00

    Hi Gamal Joseph,

    Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

    This suggests that there's a routing issue or a missing configuration that's preventing the traffic from reaching the VM.

    Possible causes:

    1. Missing route propagation: Ensure that the routes from the on-premises network are being propagated to Azure via BGP. Verify that the BGP peering is established, and the routes are being advertised correctly.
    2. Incorrect subnet configuration: Double-check that the subnet configuration in Azure is correct, and the VM is properly associated with the subnet. Ensure that the subnet is configured to use the correct route table and that the route table is propagating the routes correctly.
    3. Azure Firewall or NVA configuration: If you're using an Azure Firewall or a Network Virtual Appliance (NVA), ensure that it's configured to allow traffic from the on-premises network to the VM.
    • Ensure that the VM's IP address is not private and is reachable from the on-premises network. If the VM's IP address is private, you may need to configure a public IP address or use a load balancer to expose the VM to the on-premises network.

    Refer: https://learn.microsoft.com/en-us/azure/expressroute/expressroute-troubleshooting-expressroute-overview

    If you are still facing any further issues, please don't hesitate to reach out to us. We are happy to assist you.

    Looking forward to your response and appreciate your time on this.

    If the above response helps answer your question, remember to "Accept Answer" and "Upvote it" so that others in the community facing similar issues can easily find the solution.

    Your contribution is highly appreciated.

    Regards,

    Ganesh
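
Added example, not part of the answer above and not Microsoft's code: causes 1 to 3 all come down to which route the VM's NIC picks for the reply to the on-premises host. The sketch applies Azure's route selection (longest prefix match, then user-defined over BGP over system routes) to an effective route table. The route entries and the 192.168.x.x and 172.16.x.x on-premises addresses are constructed, and the JSON field names are an assumption about the shape of `az network nic show-effective-route-table` output; only 10.100.0.132 and 10.100.0.0/16 come from the question.

```python
import ipaddress
import json

# Constructed sample, in the JSON shape assumed for
# `az network nic show-effective-route-table` output.
SAMPLE = json.loads("""{"value": [
 {"addressPrefix": ["10.100.0.0/16"], "nextHopType": "VnetLocal", "source": "Default", "state": "Active"},
 {"addressPrefix": ["0.0.0.0/0"], "nextHopType": "Internet", "source": "Default", "state": "Active"},
 {"addressPrefix": ["192.168.0.0/16"], "nextHopType": "VirtualNetworkGateway", "source": "VirtualNetworkGateway", "state": "Active"},
 {"addressPrefix": ["192.168.10.0/24"], "nextHopType": "VirtualAppliance", "source": "User", "state": "Active"}
]}""")["value"]

# Azure tie-break for equal prefix length: user-defined, then BGP, then system.
SOURCE_RANK = {"User": 0, "VirtualNetworkGateway": 1, "Default": 2}

def select_route(routes, dest_ip):
    """Return (prefix, nextHopType) Azure would use for dest_ip, or None."""
    dest = ipaddress.ip_address(dest_ip)
    best = None
    for route in routes:
        if route.get("state") != "Active":
            continue
        for prefix in route["addressPrefix"]:
            net = ipaddress.ip_network(prefix, strict=False)
            if net.version != dest.version or dest not in net:
                continue
            key = (-net.prefixlen, SOURCE_RANK.get(route["source"], 3))
            if best is None or key < best[0]:
                best = (key, prefix, route["nextHopType"])
    return None if best is None else best[1:]

def diagnose_return_path(routes, onprem_ip):
    """Classify how the VM's NIC would route a reply to an on-premises host."""
    chosen = select_route(routes, onprem_ip)
    if chosen is None:
        return ("no-route", None, None)
    prefix, hop = chosen
    if hop == "VirtualNetworkGateway":
        return ("ok", prefix, hop)            # reply goes back over the gateway
    if hop in ("Internet", "None"):
        return ("no-bgp-route", prefix, hop)  # on-prem prefix not learned via BGP
    return ("diverted", prefix, hop)          # e.g. a UDR sends it to an NVA or firewall

if __name__ == "__main__":
    print(select_route(SAMPLE, "10.100.0.132"))
    for src in ("192.168.20.5", "192.168.10.5", "172.16.1.1"):
        print(src, diagnose_return_path(SAMPLE, src))
```

A result of `no-bgp-route` points at cause 1 (the on-premises prefix is not being learned), and `diverted` points at causes 2 or 3 (a route table or appliance in the return path).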
