azure to local traffic issue

Loganathan Dinesh 1 Reputation point
2021-09-09T10:29:44.99+00:00

I have a site-to-site network setup in Azure to allow my servers in Azure to connect to some local resources. The gateway is set up with static routing (route based). If the connection is inactive for some time, Azure will bring down the connection automatically. This is fine, but for some reason Azure won't bring the connection back up automatically if it has any attempted traffic from local > Azure. The only way to bring the connection back up is to generate traffic from Azure to local. (Tunnel is up all the time.)

When the connection goes down I can't ping the VM running in Azure. When I ping from local to Azure, it says request timeout; meanwhile, if I initiate a ping from the Azure VM to local, then immediately the local to Azure ping gets a response.

I checked from my firewall: when I initiate a ping from local to Azure the traffic is passing the firewall but there is no reply from the Azure VM, that's why I get the request timeout. As soon as I initiate a ping from Azure to local, I get the response.

WatchGuard Firewall (checked the model and firmware version is supported) (FireboxV - XTM)
https://learn.microsoft.com/en-in/azure/vpn-gateway/vpn-gateway-about-vpn-devices

I would greatly appreciate some advice.

Many Thanks,
Logan

Tags: Azure VPN Gateway, Azure Virtual Network

1 answer

  1. ChaitanyaNaykodi-MSFT 24,666 Reputation points Microsoft Employee
    2021-09-09T19:39:36.293+00:00

    Hello @Loganathan Dinesh, thank you for reaching out!
    Based on the issue above, can you please tell us what connection mode is set up? If Azure is set up as Initiator, the connection will be initialized from Azure, and if the mode is set up as Default, Azure can act as both initiator and responder during an IPsec tunnel setup. There is no support for Azure as a responder only. Can you try and toggle this mode and see if this is the issue?
    Additionally, can you do a packet capture for your VM and see why there is no response sent out? You can use Network Watcher for this purpose.
    Please let me know if there are any additional concerns. Thank you!

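The two checks the answer asks for (read the connection's mode and traffic counters, then capture packets on the VM) as one Az PowerShell script. This is an added example, not code from the question, the answer, or Microsoft; it assumes the Az.Network, Az.Compute and Az.NetworkWatcher cmdlets named below, that `Set-AzVirtualNetworkGatewayConnection` accepts `-ConnectionMode` with the values Default, InitiatorOnly and ResponderOnly, and that the resource names and the on-prem address are placeholders to replace.

```powershell
# Added diagnostic script (not from the thread). Assumes Connect-AzAccount has already run.
# All names below are placeholders; the on-prem address is a constructed sample value.
$rg        = 'rg-placeholder'
$connName  = 's2s-connection-placeholder'
$vmName    = 'vm-placeholder'
$storageId = '/subscriptions/<subscription-id>/resourceGroups/rg-placeholder/providers/Microsoft.Storage/storageAccounts/<storage-account>'
$onPremIp  = '192.0.2.10'   # constructed: the local host whose pings time out

# 1. Tunnel state, connection mode and byte counters for the site-to-site connection.
#    Ingress staying flat while the status is Connected matches the symptom in the question:
#    the tunnel is up, but local > Azure packets are not being returned.
$conn = Get-AzVirtualNetworkGatewayConnection -Name $connName -ResourceGroupName $rg
$conn | Select-Object Name, ConnectionStatus, ConnectionMode, IngressBytesTransferred, EgressBytesTransferred

# 2. Toggle the mode the answer asks about (Default <-> InitiatorOnly) so the behaviour can be
#    compared. Assumption: -ConnectionMode is supported on Set-AzVirtualNetworkGatewayConnection.
$newMode = if ($conn.ConnectionMode -eq 'InitiatorOnly') { 'Default' } else { 'InitiatorOnly' }
Write-Host "Switching connection mode from '$($conn.ConnectionMode)' to '$newMode'"
Set-AzVirtualNetworkGatewayConnection -VirtualNetworkGatewayConnection $conn -ConnectionMode $newMode

# 3. Network Watcher packet capture on the VM, limited to traffic with the on-prem host, so the
#    capture shows whether the echo request reaches the NIC and whether a reply ever leaves it.
#    The capture is written to the storage account and stops after five minutes.
$vm     = Get-AzVM -Name $vmName -ResourceGroupName $rg
$nw     = Get-AzNetworkWatcher -Location $vm.Location
$filter = New-AzPacketCaptureFilterConfig -RemoteIPAddress $onPremIp
New-AzNetworkWatcherPacketCapture -NetworkWatcher $nw -TargetVirtualMachineId $vm.Id `
    -PacketCaptureName 'icmp-from-onprem' -StorageAccountId $storageId `
    -Filter $filter -TimeLimitInSeconds 300

# Poll until the capture has stopped, then the .cap file can be pulled from the storage account
# and opened in Wireshark to compare the local > Azure and Azure > local flows.
do {
    Start-Sleep -Seconds 30
    $status = Get-AzNetworkWatcherPacketCapture -NetworkWatcher $nw -PacketCaptureName 'icmp-from-onprem'
    Write-Host "Capture status: $($status.PacketCaptureStatus)"
} while ($status.PacketCaptureStatus -eq 'Running')
```

Run step 1 before and after a local > Azure ping, and again after an Azure > local ping, so the counters and the capture can be lined up with the moment the replies start.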