How do we connect Service fabric cluster from Onprem VPN through S2S connection

Question

How do we connect Service fabric cluster from Onprem VPN through S2S connection

Selvaraj 0

Hi Team,

We have a service fabric cluster with single node. We tried to connect the On prem VPN server through S2S connection. Now the connection was succeed and can able to ping the OnPrem network Ip address from the VMSS instance through RDP. But we can not ping the SFC Cluster VMSS instance ip address from the On prem firewall

Thanks

Selva

1 answer

Your answer

Answer 1

Hello @Selvaraj

If you have successfully established a Site-to-Site (S2S) VPN connection between your Azure virtual network and your on-premises network, but you are unable to ping the Service Fabric Cluster (SFC) VMSS instance IP address from the on-premises firewall, there are a few things you can check:

Check the network security group (NSG) rules: Make sure that the NSG rules for the SFC VMSS instance allow inbound traffic from the on-premises network. You may need to create a new NSG rule to allow traffic from the on-premises network.

Check the routing table: Make sure that the routing table for the SFC VMSS instance is configured correctly. The routing table should include a route to the on-premises network through the VPN gateway.

Check the VPN gateway configuration: Make sure that the VPN gateway is configured correctly and that the on-premises firewall is configured to allow traffic from the Azure virtual network. You may need to configure the VPN gateway to allow traffic from the on-premises network.

Check the on-premises firewall configuration: Make sure that the on-premises firewall is configured to allow traffic from the Azure virtual network. You may need to create a new firewall rule to allow traffic from the Azure virtual network.

Check the VPN connection status: Make sure that the VPN connection is established and that there are no errors or warnings in the VPN connection logs. You can check the VPN connection status in the Azure portal.

If you have checked all of these items and are still unable to ping the SFC VMSS instance IP address from the on-premises firewall, you may need to contact Microsoft support for further assistance.

If this does answer your question, please accept it as the answer as a token of appreciation.

Selvaraj 0 Reputation points

2023-06-20T06:39:07.8133333+00:00

Hi @Prrudram-MSFT

I have added the NSG rule to allow the Inbound traffic from Onprem network as below. but still we can not able to ping the VMSS instance ip from Onprem firewall

This is the route which i added in the route table associate with VMSS subnet
Prrudram-MSFT 28,281 Reputation points Microsoft Employee Moderator

2023-06-23T19:04:33.0166667+00:00

Selvaraj

Did you check that the on-premises firewall is configured to allow traffic from the Azure virtual network. You may need to create a new firewall rule to allow traffic from the Azure virtual network.?

if yes, and still got the issue, it needs deeper investigation, Azure technical support team will be able to check and help on this. I would recommend you open an azure support case. If you don't have the ability to open a technical support ticket, please let me know and I can help you further with this.

Share via

How do we connect Service fabric cluster from Onprem VPN through S2S connection

1 answer

Your answer