Azure AWS On-Prem Site to Site

Question

We are testing azure as part of our strategy into multiple cloud. We want to achieve interconnectivity between azure, aws and on premise data center.

Currently we succeed to Setup site2site between azure and aws. we already had direct connection between aws and onprem. Subnet propagation also distributed to azure, aws and onprem.

The problem is we are unable to ping between machine in azure and onprem machine. So far we already check:

• icmp allowed
• vm in azure to vm in aws success
• vm in aws to vm in onprem success
• vm in azure to vm in onprem failed

any suggestion where to look?

Answer 1

@RIZKI RIVAI ,

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

I understand that you would like to achieve connectivity between

• Azure <---- VPN ----> AWS <---- Direct Connection ----> OnPrem

and you are able to connect from a VM in Azure to VM in AWS.

Doesn't this mean VPN Connectivity part between Azure and AWS is correct?

• I think you should check with the third party cloud provider (AWS) on how to achieve transit connectivity as the AWS is in the centre.
• From Azure end, as long as you are advertising the OnPrem address range via the VPN Connection, Azure will send the traffic via the VPN Gateway to AWS
• However, from AWS to OnPrem - I am afraid experts in Microsoft Q&A forum may not be able to make any comments or remarks.
• To check whether or not OnPrem address range is advertised to Azure via the VPN Gateway,
  • From a VM in Azure, check Effective Routes
  • If you see OnPrem address range with nextHop as VNET Gateway, then configuration from Azure end is correct.
  • If not, in the LNG, make sure you add the OnPrem address range and make sure you are advertising the OnPrem address range from AWS side as well.

Hope this helps.

Cheers,

Kapil