Share via

Spoke VM cannot access the Internet

Farzana Mustafa 96 Reputation points
2021-08-18T01:38:48.427+00:00

We are using Hub and Spoke technology in Azure. Hub VMs can access the Internet but Spoke VMs cannot. They have the same settings and all rules are allowed in NSG.
Spoke VM ping to 8.8.8.8 failed. No Load Balancer or App GW in use.

We are using NVA (Palo Alto firewall) and it's trusted interface is used as next hop for both Hub and Spoke VMs. No traffic is getting blocked by this firewall.
FW transmits the request (Packet sent =2)...FW does not receive the response (Packet received =0)
Season-End reason showing as TCP-RST-FROM-SERVER, i.e. TCP handshake is failing.
Peering status is showing connected for the Vnet.

Your help in this matter would be appreciated.

124104-pic.png

Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,311 questions
0 comments
Accepted answer
  1. TravisCragg-MSFT 5,681 Reputation points Microsoft Employee
    2021-08-19T21:18:36.287+00:00

    This should work without issue.

    Something is likely blocking the traffic somewhere, so here are some places to start:

    1) Make sure NSGs in both the spoke VNET & firewall subnet allow traffic between the VNETs.

    2) Make sure your Palo Alto firewall allows traffic from the spoke VNET. Also, test your VNET to VNET communication and see if there are any blockers. Also, does your hub VNET have any issues with internet access?

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest