Site to Site VPN Connection

Amarjeet Saini 20 Reputation points
2023-12-18T03:41:25.3733333+00:00

Greetings!

I have some issues connecting to an on-prem VM from an Azure VM. No RDP and no ping to any VM running on the on-prem network. But I am able to access an Azure VM from an on-prem VM without any issue.

Basically, what am I trying to achieve? I want to create a domain controller in Azure cloud and then join that DC to the on-prem current Active Directory forest and the same domain.

Following is my current infrastructure setup on-prem and in Azure:

--Site-to-site VPN tunnel between on-prem Cisco firewall and VPN gateway.

--VPN Gateway and Azure Firewall are in the same virtual network.

--Another Azure virtual network for VMs. Peering is created between both virtual networks.

--NSG is connected to the VMs' subnet.

I have created all required routes but still have this issue. What other settings do I need to configure to access on-prem VMs from the Azure network? Please advise.

Thanks in Advance!!

AM

Windows for business | Windows Server | User experience | Other

1 answer

  1. Silvia Wibowo 6,046 Reputation points Microsoft Employee Volunteer Moderator
    2024-01-03T22:15:03.2733333+00:00

    Hi @Amarjeet Saini , I understand that you've set up a site-to-site VPN between Azure and the on-prem network. You can reach the Azure VM from on-prem but you can't do it the other way around.

    For the Azure VM to be able to reach the on-prem network, if your VM is not in the same VNet (virtual network) as your VPN gateway, you need to create a route table to tell your VM where to go, which is to use the virtual network gateway (your VPN gateway).

    First step: Your peering connection needs to reflect the correct setup. Let's say your setup is similar to this:

    Vnet Hub (where your VPN gateway is) -----peering----- Vnet B (where your Azure VM is)

    Peering of Vnet Hub to Vnet B - use local gateway, allow gateway transit.

    Peering of Vnet B to Vnet Hub - use remote gateway.

    Reference: https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview#gateways-and-on-premises-connectivity.

    Second step: Create a new Route Table then add an entry to the route table:

    Address prefix: your on-prem range (e.g. 192.168.0.0/16); Next hop: Virtual Network Gateway

    Then associate the route table to your VM's subnet.

    Third step: make sure there is no firewall blocking the connection, whether the on-premises firewall, the Azure NSG, or the Windows firewall on the on-prem VM.

    Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

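The three steps in the answer above (hub/spoke peering flags, a route table with the on-prem prefix pointing at the virtual network gateway, and association of that route table with the VM subnet) expressed as one deployable Bicep template. This is an added example, not code from the thread or from Microsoft documentation; the VNet, subnet, NSG and route-table names, the address ranges, and the assumption that both VNets live in the same resource group are placeholders to be replaced with your own values.

```bicep
// Hypothetical names and ranges: replace with your own.
param hubVnetName string = 'vnet-hub'          // VNet that contains the VPN gateway (and Azure Firewall)
param spokeVnetName string = 'vnet-b'          // VNet that contains the Azure VMs
param spokeSubnetName string = 'snet-vms'      // VM subnet in the spoke
param spokeSubnetPrefix string = '10.1.0.0/24' // constructed example range for that subnet
param onPremPrefix string = '192.168.0.0/16'   // on-prem range reached through the S2S tunnel
param nsgId string = ''                        // resource ID of the NSG already on the VM subnet ('' = none)

// Both VNets are assumed to already exist in this resource group.
resource hubVnet 'Microsoft.Network/virtualNetworks@2023-05-01' existing = {
  name: hubVnetName
}

resource spokeVnet 'Microsoft.Network/virtualNetworks@2023-05-01' existing = {
  name: spokeVnetName
}

// First step, hub side: the hub lends its VPN gateway to the spoke (allow gateway transit).
resource hubToSpoke 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2023-05-01' = {
  parent: hubVnet
  name: 'peer-hub-to-spoke'
  properties: {
    remoteVirtualNetwork: { id: spokeVnet.id }
    allowVirtualNetworkAccess: true
    allowForwardedTraffic: true
    allowGatewayTransit: true
    useRemoteGateways: false
  }
}

// First step, spoke side: the spoke uses the hub's gateway (use remote gateways).
// The hub must already have a provisioned virtual network gateway or this peering fails to deploy.
resource spokeToHub 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2023-05-01' = {
  parent: spokeVnet
  name: 'peer-spoke-to-hub'
  properties: {
    remoteVirtualNetwork: { id: hubVnet.id }
    allowVirtualNetworkAccess: true
    allowForwardedTraffic: true
    allowGatewayTransit: false
    useRemoteGateways: true
  }
}

// Second step: a route table with one entry sending the on-prem prefix to the virtual network gateway.
resource spokeRouteTable 'Microsoft.Network/routeTables@2023-05-01' = {
  name: 'rt-spoke-to-onprem'
  location: resourceGroup().location
  properties: {
    // Keep gateway route propagation on so BGP/LNG-learned routes still reach the subnet.
    disableBgpRoutePropagation: false
    routes: [
      {
        name: 'to-onprem'
        properties: {
          addressPrefix: onPremPrefix
          nextHopType: 'VirtualNetworkGateway'
        }
      }
    ]
  }
}

// Associate the route table with the VM subnet. Redeploying a subnet replaces its whole
// property set, so the existing NSG association is passed back in rather than silently dropped.
resource spokeSubnet 'Microsoft.Network/virtualNetworks/subnets@2023-05-01' = {
  parent: spokeVnet
  name: spokeSubnetName
  properties: {
    addressPrefix: spokeSubnetPrefix
    routeTable: { id: spokeRouteTable.id }
    networkSecurityGroup: empty(nsgId) ? null : { id: nsgId }
  }
  dependsOn: [ spokeToHub ]
}

output routeTableId string = spokeRouteTable.id
```

Deploy with `az deployment group create --resource-group <rg> --template-file main.bicep --parameters nsgId=<nsg-resource-id>`. Two points worth checking before applying it: the subnet prefix and NSG ID must match what is already deployed, or the subnet redeploy will fail or strip the NSG; and if the intent is for spoke-to-on-prem traffic to be inspected by the Azure Firewall sitting in the hub, the route's next hop becomes `VirtualAppliance` with the firewall's private IP instead of `VirtualNetworkGateway`, and the hub's GatewaySubnet then needs a matching route back to the spoke range via the firewall, otherwise return traffic bypasses it.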
