Azure virtual network gateway (Point to Site) does not respond to client connections

Rakesh Musalay 1 Reputation point
2020-12-18T19:49:36.123+00:00

Hello,

I am trying to bring up an IKEv2 client connection from a linux strongswan machine to a point-to-site configured azure virtual gateway. I followed all the instructions to setup the network resources and the virtual gateway with P2S azure cert auth, but I see that the gateway does not respond to the client at all. The client keeps sending ISAKMP packets to the gateway, but the gateway does not respond.

Can anyone please let me know what I maybe missing? Could it be some ports are blocked on the Azure side ? I did a health check on the gateway and it seemed to pass with no issues.

Thanks! Rakesh

root@ubuntu:~# ipsec up azure
initiating IKE_SA azure[1] to 52.xxx.xxx.xxx
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
sending packet: from 10.0.0.225[500] to 52.xxx.xxx.xxx[500] (1128 bytes)
retransmit 1 of request with message ID 0
sending packet: from 10.0.0.225[500] to 52.xxx.xxx.xxx[500] (1128 bytes)
retransmit 2 of request with message ID 0
sending packet: from 10.0.0.225[500] to 52.xxx.xxx.xxx[500] (1128 bytes)
retransmit 3 of request with message ID 0
sending packet: from 10.0.0.225[500] to 52.xxx.xxx.xxx[500] (1128 bytes)
retransmit 4 of request with message ID 0
sending packet: from 10.0.0.225[500] to 52.xxx.xxx.xxx[500] (1128 bytes)
retransmit 5 of request with message ID 0
sending packet: from 10.0.0.225[500] to 52.xxx.xxx.xxx[500] (1128 bytes)
giving up after 5 retransmits
establishing IKE_SA failed, peer not responding
establishing connection 'azure' failed

Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,362 questions
{count} votes

3 answers

Sort by: Most helpful
  1. 2020-12-20T15:18:14.16+00:00

    trying to bring up an IKEv2 client connection from a linux strongswan machine to a point-to-site configured azure virtual gateway. I followed all the instructions to setup the network resources and the virtual gateway with P2S azure cert auth, but I see that the gateway does not respond to the client at all. The client keeps sending ISAKMP packets to the gateway, but the gateway does not respond.

    Can anyone please let me know what I maybe missing? Could it be some ports are blocked on the Azure side ? I did a health check on the gateway and it seemed to pass with no issues.

    Thanks! Rakesh


  2. TravisCragg-MSFT 5,676 Reputation points Microsoft Employee
    2020-12-22T11:44:42.58+00:00

    It is highly unlikely to be the Azure Gateway, and you can delete / recreate the gateway if you are concerned.

    A lack of a response is usually because the traffic is not getting to Azure, or is not coming back to your machine. To start, check any firewalls that could be blocking the traffic, both at the OS level and at your network level.

    Make sure that UDP ports 500 and 4500 are allowed and can pass traffic.


  3. chimeremeze nwabueze 0 Reputation points Microsoft Vendor
    2023-07-18T21:20:12.2666667+00:00

    Hi Rakesh, Kindly confirm on azure portal vpn p2s config section, that you selected openVPN and IKE, it seems you have only openVPN selected while your client is trying to initiate the tunnel with IKE

    0 comments No comments