Share via

After setting up a site-to-site vpn connection with my azure windows vm, I am unable to connect using RDP with VM's private IP address.

Naj Shahid 0 Reputation points
2023-10-03T02:06:31.4266667+00:00

I created a site-to-site vpn connection to connect my on-prem network to Azure. My on-prem router is Synology RT6600ax and I followed the configuration listed in these articles to set everything up:

https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal

https://kb.synology.com/en-global/SRM/tutorial/How_to_set_up_Site_to_Site_VPN_between_Synology_Router_and_MS_Azure#x_anchor_id9

The connection status on both ends (Azure and on-prem) shows "Connected".

However, I am not able to connect via RDP to my VM using the private IP address. The error I get is "Make sure the remote computer is turned on and connected to the network, and that remote access is enabled".

At the same I am successfully able to RDP to the same VM using the public IP address.

I also enabled the OpenSSH Server service on the VM and then tried connecting via SSH from both a mac and windows machine and in both cases I am getting an error "port 22: operation timed out".

Not sure if this is an issue but my azure vpn gateway and the VM are in two different subnets.

Really at my wit's end to understand what is going on here. Please share any advice or recommendations you have. Thanks in advance!

Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,461 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,312 questions
Remote Desktop
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
4,406 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. msrini-MSFT 9,276 Reputation points Microsoft Employee
    2023-10-03T08:01:52.8833333+00:00

    Hi,

    1. Can you navigate to your VM's NIC on the portal and check on effective routes and check if you are able to see your On-Prem route next hop as VPN gateway ? --> If yes, this confirms that the configs on Azure end is good and routing is in place. If not, you will need to fix this by looking at the Local Network Gateway that you have created.
    2. Make sure that the NSG is not blocking any traffic on port 22 or 3389 to which you are trying to connect.
    3. Try to perform a ping from On-Prem to Azure VM's Private IP to check if the ping is working.
    4. If none of the above works, then it might be an IPSec problem where the Phase 2 is up but the SAs are not formed and packets are not flowing through.

    Regards,

    Karthik Srinivas

    0 comments