Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you are experiencing a packet drop/connectivity issue while accessing on-premises destination TCP port 3660 from a VM in Azure.
Looking at your verbatim, it looks like you are facing a firewall issue and not a packet drop issue.
The network path is:
VM A -> Palo Alto in Azure (NVA) -> VPN gateway -> On-premises Palo Alto -> VM B (OnPrem server)
To troubleshoot this, I suggested:
- To collect packet captures at every hop above and check if the packet was received in the hop or not.
Also, validate:
- Is the NVA in Azure logging the traffic for destination port 3660?
- Is it visible in the NVA and is the NVA allowing the traffic?
- Can you bypass the NVA and give it a try?
- To check the NSG, you can use either IP flow verify or NSG diagnostics.
- This will "simulate" traffic and will point out if an NSG rule blocks/allows a packet.
Meanwhile, you informed us the issue is not reproducible without the NVA in the picture, and you have contacted the NVA vendor.
Hope you isolate the issue and resolve it.
Thanks,
Kapil
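The hop-by-hop capture check suggested in the answer above, as an added example that is not part of the original answer: it reads one capture per hop and reports the last hop that saw the SYN (or the returning SYN-ACK) for port 3660 and the first hop that did not. It assumes each hop's capture has been exported as `tcpdump -nn` text; the addresses and capture lines are constructed, and matching is on port and TCP flags only so that address translation on the path does not hide a packet.

```python
import re

# Hops in path order, as listed in the answer above.
PATH = ["VM A", "Azure NVA", "VPN gateway", "On-prem Palo Alto", "VM B"]

# Matches the address/port/flags part of a `tcpdump -nn` TCP line (assumed export format).
LINE = re.compile(
    r"IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]+)\]"
)

def summarize(capture_text, port=3660):
    """Count SYNs sent to `port` and SYN-ACKs returned from it in one capture."""
    syn = synack = 0
    for m in LINE.finditer(capture_text):
        if m["flags"] == "S" and int(m["dport"]) == port:
            syn += 1
        elif m["flags"] == "S." and int(m["sport"]) == port:
            synack += 1
    return syn, synack

def locate_drop(captures, port=3660):
    """Return (packet, last hop that saw it, first hop that did not), or None."""
    seen = {hop: summarize(captures.get(hop, ""), port) for hop in PATH}
    # The SYN travels the path left to right.
    for prev, hop in zip(PATH, PATH[1:]):
        if seen[prev][0] and not seen[hop][0]:
            return ("SYN", prev, hop)
    # The SYN-ACK travels the path right to left.
    rev = PATH[::-1]
    for prev, hop in zip(rev, rev[1:]):
        if seen[prev][1] and not seen[hop][1]:
            return ("SYN-ACK", prev, hop)
    return None

# Constructed sample lines (not taken from the original thread).
SYN = ("10:00:01.000100 IP 10.1.0.4.50512 > 192.168.10.20.3660: "
       "Flags [S], seq 100, win 64240, length 0\n")
SYNACK = ("10:00:01.020000 IP 192.168.10.20.3660 > 10.1.0.4.50512: "
          "Flags [S.], seq 900, ack 101, win 65160, length 0\n")
# The SYN and its retransmits reach the NVA, but no later hop sees them.
SAMPLE = {"VM A": SYN * 3, "Azure NVA": SYN * 3}

if __name__ == "__main__":
    print(locate_drop(SAMPLE))
```

A result naming the NVA as the last hop that saw the SYN points at the NVA's policy or the route behind it, which is where its traffic logs should be checked next.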