Azure - Multiple VPNs down to Mainland China

Question

Azure - Multiple VPNs down to Mainland China

CSPI Cloud Admin 1

Good morning, we've been troubleshooting connectivity issues to several sites all of which are based in mainland China. Other offices in the United States are still operating fine

Azure reports "The connection cannot be established because the other VPN device is unreachable. If the on-premises VPN device is unreachable or not responding to the Azure VPN gateway IKE handshake, the VPN connection cannot establish." despite the public IP addresses being reachable.

I'm trying to get confirmation from our local contact and their ISP to determine if there may have been changes in the internet policy and what's allowed over there but its a slow process with language/time zone barriers. Has anyone else had any issues with connectivity recently? Unrelated, but I've also noticed that those sites lost internet connectivity as they were using cloudflare as DNS which also became unreachable on port 53 at the same time.

KapilAnanth 49,876 Reputation points Moderator

2022-12-12T05:33:52.013+00:00
Hi @CSPI Cloud Admin ,

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you are facing connectivity issues between your OnPrem device and Azure VPN Gateway.

I see you have mentioned that this issue has happened only with sites from Mainland China.

May I ask how you are checking the connectivity to the OnPrem devices?

Is it from an Azure VM in the same region as the VPN Gateway resides? What port are you using for telnet check?

Did you get any updates from your ISP on this behavior? It is quite possible that certain Ports/IPs were blocked

As you have stated you also experience DNS issues with a different DNS server, it is possible that there has been some configurational changes from ISP side

Cheers,
Kapil