Hi Will Armstrong,
Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.
Based on our understanding of your issue, there are several factors to consider. Please review the following suggestions.
- Verify the shared key
Compare the shared key for the on-premises VPN device to the Azure Virtual Network VPN to make sure that the keys match.
- Verify the VPN peer IPs
The IP definition in the Local Network Gateway object in Azure should match the on-premises device IP. The Azure gateway IP definition that is set on the on-premises device should match the Azure gateway IP.
- Check UDR and NSGs on the gateway subnet
Check for and remove user-defined routing (UDR) or Network Security Groups (NSGs) on the gateway subnet, and then test the result. If the problem is resolved, validate the settings that UDR or NSG applied.
- Check the on-premises VPN device external interface address
If the Internet-facing IP address of the VPN device is included in the Local network definition in Azure, you might experience sporadic disconnections.
- Verify that the subnets match exactly (Azure policy-based gateways)
Verify that the virtual network address space(s) match exactly between the Azure virtual network and on-premises definitions. Verify that the subnets match exactly between the Local Network Gateway and on-premises definitions for the on-premises network.
- Verify the Azure gateway health probe
- Check whether the on-premises VPN device has the perfect forward secrecy feature enabled
The perfect forward secrecy feature can cause disconnection problems. If the VPN device has perfect forward secrecy enabled, disable the feature. Then update the VPN gateway IPsec policy.
- Review firewall policies on both FortiGate devices. Ensure that policies allow traffic from the VM's subnet to the remote site's subnet.
Refer to this link for more details: Troubleshoot an Azure S2S VPN connection that cannot connect - Azure VPN Gateway | Microsoft Learn
Note: similar issue https://stackoverflow.com/questions/68284293/azure-vm-cant-reach-remote-network-with-connected-vpn
Kindly let us know if the above helps or you need further assistance on this issue.
Thanks,
Rohith.
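The peer IP, exact subnet match and external interface address checks from the answer above can be run offline against an export of both configurations. This is an added example, not part of the original answer: the dictionary keys are hypothetical names, and the addresses are constructed sample values from documentation ranges.

```python
import ipaddress

def nets(prefixes):
    # strict=True rejects prefixes with host bits set, e.g. 10.1.0.1/16
    return {ipaddress.ip_network(p, strict=True) for p in prefixes}

def check_s2s(azure, onprem):
    """Return a list of mismatches between the Azure and on-premises definitions."""
    findings = []
    ip = ipaddress.ip_address
    # VPN peer IPs: each side must point at the other's public address.
    if ip(azure["local_gateway_ip"]) != ip(onprem["device_public_ip"]):
        findings.append("peer-ip: Local Network Gateway IP != on-premises device IP")
    if ip(azure["vpn_gateway_ip"]) != ip(onprem["remote_gateway_ip"]):
        findings.append("peer-ip: remote gateway on device != Azure gateway IP")
    # Address spaces must match exactly (policy-based gateways).
    pairs = (("vnet", "vnet_prefixes", "remote_prefixes"),
             ("on-prem", "local_gateway_prefixes", "local_prefixes"))
    for label, a_key, o_key in pairs:
        a, o = nets(azure[a_key]), nets(onprem[o_key])
        findings += [f"{label}: {n} only in Azure definition" for n in sorted(a - o, key=str)]
        findings += [f"{label}: {n} only in on-premises definition" for n in sorted(o - a, key=str)]
    # The device's Internet-facing IP must not fall inside the local network definition.
    device = ip(onprem["device_public_ip"])
    for n in sorted(nets(azure["local_gateway_prefixes"]), key=str):
        if device in n:
            findings.append(f"external-ip: {device} is inside local network prefix {n}")
    return findings

# Constructed sample data (hypothetical field names, documentation address ranges).
AZURE = {
    "vpn_gateway_ip": "203.0.113.10",
    "local_gateway_ip": "198.51.100.7",
    "vnet_prefixes": ["10.1.0.0/16"],
    "local_gateway_prefixes": ["192.168.0.0/16", "198.51.100.0/29"],
}
ONPREM = {
    "device_public_ip": "198.51.100.7",
    "remote_gateway_ip": "203.0.113.10",
    "remote_prefixes": ["10.1.0.0/16"],
    "local_prefixes": ["192.168.0.0/24"],
}

if __name__ == "__main__":
    for finding in check_s2s(AZURE, ONPREM):
        print(finding)
```
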