Can't create a Virtual Network Gateway in Microsoft Azure

Raja Prasad Shaw 1 Reputation point
2021-03-08T18:08:37.807+00:00

I'm trying to create a Virtual Network Gateway but getting the error "The operation failed because the network security group NSG-centralus can not be associated to the GatewaySubnet. Please remove the network security group associated to the GatewaySubnet. No changes have occurred on the gateway at this time."

I've tried to remove NSG from the default subnet of the virtual network but when I click to save the subnet with NSG section as None, it comes back reflecting the default NSG. I tried creating a new subnet with NSG-None but it gets saved with default NSG. I'm unable to figure out what to do to fix this.

Not Monitored
Not Monitored
Tag not monitored by Microsoft.
35,947 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. SaiKishor-MSFT 17,181 Reputation points
    2021-03-08T19:30:49.187+00:00

    @Raja Prasad Shaw As discussed here in this document, When working with gateway subnets, avoid associating a network security group (NSG) to the gateway subnet. Associating a network security group to this subnet may cause your Virtual Network gateway(VPN, Express Route gateway) to stop functioning as expected.

    When you name a subnet as GatewaySubnet but try to associate a NSG to it, you will get this error as this is not allowed.

    However, I am unable to understand what you mean by- I've tried to remove NSG from the default subnet of the virtual network but when I click to save the subnet with NSG section as None, it comes back reflecting the default NSG.

    Could yu provide a snapshot of this behavior and steps that you are following after which you receive this error? Thank you!