Azure VPN and Routing to Onprem Network

rr-4098 1,321

Right now we have a very simple hybrid setup for Azure. We are using Azure VPN to connect to our onprem network. All Azure VM's can ping onprem servers, but onprem cannot reach Azure ping, RDP etc.... In Azure do I need to create a UDR with the destination of Virtual Gateway Network so traffic knows how to get back onprem? Please note, we only have one vNet.

KapilAnanth-MSFT 41,491 Reputation points Microsoft Employee

2022-10-17T06:57:02.243+00:00
Hi @rr-4098 ,

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that Azure to OnPrem connectivity is working but OnPrem to Azure is failing in your VPN connection

I agree with @msrini-MSFT , if you are able to ping an OnPrem machine and get a response back (i.e, ICMP Echo Request and Echo Reply) , this means that there is no routing issue between the two.

Can you please check the following,

InBound NSG on Azure VNet and Azure VMs allow traffic from OnPrem address range.

There are no OS level firewall blocks on Azure VMs

From Azure to OnPrem machine, please do a telnet or SSH/RDP and see if it succeeds.

Cheers,
Kapil
Bradley Drake 0 Reputation points

2023-09-26T16:05:45.6466667+00:00

Having a similar issue. Azure to on prem works fine. On prem to Azure does not work. I add a specific route to the UDR attached to the gateway sub, and this will allow comms both ways, but it does stop the azure's vm egress internet traffic via a cloud proxy. Anyone seen this?
KapilAnanth-MSFT 41,491 Reputation points Microsoft Employee

2023-09-27T05:33:48.3633333+00:00
Bradley Drake ,

You do not have to add any route table to the Gateway subnet.

Can you be more specific on what your configuration is?

I am not sure what do you refer by "azure's vm egress internet traffic via a cloud proxy"

Cheers,

Kapil
Bradley Drake 0 Reputation points

2023-09-29T16:21:25.56+00:00

Thanks Kapil,

Resolved the issue.

Accepted answer

msrini-MSFT 9,276 Reputation points Microsoft Employee

2022-10-15T18:21:44.223+00:00

Hi,

If you are able to reach On-Prem via Azure VM, that means there are no IP connectivity issue. It might be with the Windows Firewall or NSG or your On-Premises firewall which might be blocking the ICMP packets. Can you try to perform any Layer 4 connectivity test like telnet on RDP or SSH ports ?

Regards,
Karthik Srinivas
Please sign in to rate this answer.
rr-4098 1,321 Reputation points

2022-10-15T18:34:38.063+00:00

Stupid question, but with no UDR in place, how does Azure know how to route the traffic back onprem?

msrini-MSFT 9,276 Reputation points Microsoft Employee

2022-10-15T20:12:24.28+00:00

You will define your On-prem address range in your Local network gateway. That will populate your on Prem routes to the vnet resources.
Sign in to comment

Share via

Azure VPN and Routing to Onprem Network

0 additional answers