S2S VPN connectivity from on prem firewall/VPN device

Question

Hello Azure Support Team,

I have successfully set up the VPN tunnel on the Sophos firewall for site-to-site connectivity to Azure. However, I am encountering issues while configuring the VPN settings within the Azure portal, specifically related to subnet configurations.

Despite verifying all settings on the Sophos side, the subnet-level configurations in Azure are not aligning correctly, preventing the establishment of a stable VPN connection. Could you please assist me in identifying and resolving the subnet configuration issues to complete the VPN setup?

Answer 1

Hi Gurpreet Singh

Could you please share the specific error you are encountering using diagnostic logs?

We kindly request you to review the following details regarding the subnet configuration:

• Ensure that the Gateway Subnet is properly defined and has sufficient IP addresses. The subnet name must be GatewaySubnet.
• https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub
• Check the address space in Azure does not overlap with the Gateway Subnet.
• Check the VNet address space: Ensure the VNet in Azure (e.g., 10.0.0.0/16) includes a dedicated Gateway Subnet (e.g., 10.0.255.0/27) that doesn’t overlap with other subnets in the VNet or your on-premises network.
•  The Local Network Gateway in Azure should define your on-premises Sophos network’s address space.

For more information sharing below document for your reference.

Refer:https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-troubleshoot-site-to-site-cannot-connect.

---

I hope this helps, let me know if you have any further questions, we will be happy to assist you.

Please do consider to “up-vote” wherever the information provided helps you, this can be beneficial to other community members.