My Azure VMs lost internet Connectivity. No changes have been made on the network or off. Help?

Alvaro Amaya 20 Reputation points
2023-05-10T20:10:31.5566667+00:00

We are a small shop with lots of access. We are jack of all trades, master of none. I am the System Admin, Network Engineer, Security Analyst, etc. etc. Again: Master of none.

I need help diagnosing an issue we are having. Our Azure VMs lost internet connectivity. They have a private IP address that is routed through a Tunnel to our internal network. The VMs can ping everything inside the network to include our DNS servers and our CiscoASA (firewall.) The VMs do not have an external IP address.

The DNS exists in our internal network. Our interneal machines are all connecting to the internet. I tried changing the Azure VMs DNS settings to 8.8.8.8 but it did not change anything. I turned off the Windows firewall but it did not affect anything. We did not modify any firewall rules or routes recently.

Help!

Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,165 questions
0 comments
Accepted answer
  1. Priya Kumar 1,096 Reputation points Microsoft Employee
    2023-05-11T03:41:03.13+00:00

    Hello @Alvaro Amaya

     

    Thanks for reaching out to Microsoft Q and A platform.

     

    Here are the few suggestions you could check in troubleshooting this issue.

     

    ·       By the description assuming there is a Tunnel created from Azure to on premise Servers, and Internet traffic exit from the on-premises.

    ·       First check could be to understand what the “Internet” traffic flow from the VM is, and what are the hops involved.

    ·       Please use tools like Next Hop and Connection Monitor from “Network Watcher” which would give more insight on which hop the issue is:User's image

    ·       Document: Tutorial: Diagnose a VM network routing problem - Azure portal - Azure Network Watcher | Microsoft Learn

    ·       On the Virtual Machine, please do perform “nslookup” on the source VM, if the URL is resolvable, then issue is not with the DNS. If so then changing the DNS server will not fix the issue.

    For example:User's image

    CONCLUSION:

    ·       If in above tests and find you see that the internet traffic is not locked within Azure and if its been sent to the on-premise, then concentration of troubleshooting must be with the devices in On-premise.

    ·       For further detailed analysis to track the Packets, you could take the “network packet capture” at all the hops, while establishing TCP traffic towards internet IP.

     

    Regards,

    Priya Kumar

     

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

    Comments have been turned off. Learn more

  2. Alvaro Amaya 20 Reputation points
    2023-05-11T20:19:58.8166667+00:00

    The issue was found to be within the NAT rules in our firewall. Our network vendor was seeing Private IP addresses trying to connect to the internet and blocked them. Once we had proper NAT rules setup, the internet traffic was restored.

    0 comments