Adding new subnet in site to site

Sundram Sontirkey 97 Reputation points
2022-04-27T12:14:55.137+00:00

Hello Everyone,
We have a site-to-site connection in our environment. In the environment only one subnet from on-prem is able to connect to the VPN.
We had to add another subnet from the environment. So we have added that subnet in the Local Network Gateway.

Need to understand:

  • Is there any configuration required on the on-premises environment or in Azure after the routing configuration?
  • What troubleshooting needs to be done in the on-premises environment?

Please provide your suggestions.

Thanks for your help!

Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.

5 answers

  1. Luis Rodriguez 6,201 Reputation points Microsoft Employee
    2022-04-28T00:09:39.333+00:00

    Hello @Sundram Sontirkey

    Welcome to Microsoft Q&A Platform.

    This could be a traffic selectors issue. What's the VPN type? (policy based / route based)
    You can try to enable the "Use policy based traffic selector" option. You will find this option under the connection configuration page on the Azure Portal.

    More info about VPN types and traffic selectors below:
    https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-connect-multiple-policybased-rm-ps

    If you use ACLs on the on-premises side, you have to be sure that the traffic for the new subnet is allowed.

    Please check the thread below as it's related to the same topic:
    https://learn.microsoft.com/en-us/answers/questions/174192/azure-vpn-connectivity-s2s.html

    I hope this helps!

    ----------

    Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.
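The Azure-side checks discussed in this thread (new prefix on the Local Network Gateway, connection status, traffic selector mode) can be scripted with the Az PowerShell module. This is an added example, not code from any of the posters; the resource names and the subnet are placeholders, and `$onPremIsPolicyBased` is a hypothetical switch you set yourself.

```powershell
# Added example. All names below are placeholders; the subnet is a constructed value.
$rg        = 'rg-network'        # hypothetical resource group
$lngName   = 'lng-onprem'        # hypothetical Local Network Gateway name
$connName  = 'cn-onprem-s2s'     # hypothetical connection name
$newPrefix = '10.20.2.0/24'      # constructed: the on-premises subnet being added
$onPremIsPolicyBased = $false    # set to $true only if the on-premises device is policy based

# 1. Local Network Gateway: confirm the new prefix is present, add it if missing.
$lng      = Get-AzLocalNetworkGateway -Name $lngName -ResourceGroupName $rg
$prefixes = @($lng.LocalNetworkAddressSpace.AddressPrefixes)
if ($prefixes -notcontains $newPrefix) {
    $prefixes += $newPrefix
    Set-AzLocalNetworkGateway -LocalNetworkGateway $lng -AddressPrefix $prefixes | Out-Null
}

# 2. Connection: show tunnel state, traffic counters and the traffic selector mode.
$conn = Get-AzVirtualNetworkGatewayConnection -Name $connName -ResourceGroupName $rg
$conn | Select-Object Name, ConnectionStatus, UsePolicyBasedTrafficSelectors,
                      EgressBytesTransferred, IngressBytesTransferred

# 3. Only for a policy-based on-premises device: enable policy-based traffic selectors.
#    The article linked in the answer above lists the prerequisites for this setting.
if ($onPremIsPolicyBased -and -not $conn.UsePolicyBasedTrafficSelectors) {
    Set-AzVirtualNetworkGatewayConnection -VirtualNetworkGatewayConnection $conn `
        -UsePolicyBasedTrafficSelectors $true -Force | Out-Null
}
```

The on-premises device still needs the matching change: the new subnet in its own traffic selectors or routes toward the tunnel, and in any ACL that filters VPN traffic.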


  2. Limitless Technology 39,511 Reputation points
    2022-04-28T08:56:45.38+00:00

    Hi there,

    Yes, to configure a multisite deployment, there are a number of steps required to modify network infrastructure settings, including configuring additional Active Directory sites and domain controllers, configuring additional security groups, and configuring Group Policy Objects (GPOs) if you are not using automatically configured GPOs.

    Here is a link for a detailed description of the process that you must follow.

    Step 2 Configure the Multisite Infrastructure https://learn.microsoft.com/en-us/windows-server/remote/remote-access/ras/multisite/configure/step-2-configure-the-multisite-infrastructure

    In the thread below you can find the impacts of making subnets on AD Sites and Services:
    Creating a new site and adding subnets on ad sites and services https://social.technet.microsoft.com/Forums/en-US/dd8f4ed2-40dd-44e4-b812-c44498142584/creating-new-site-and-add-subnets-on-ad-sites-and-services?forum=winserverDS

    -----------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer–


  3. Sundram Sontirkey 97 Reputation points
    2022-04-29T12:29:07.173+00:00

    Thanks Guys for your help!

    While doing this troubleshooting we ran into another issue with our working subnet. Now we are getting around 94% ping loss with the working subnet.
    Please suggest what could be the possible issue and its resolution.

    VPN Type : Route Based
    IKEv1


  4. Luis Rodriguez 6,201 Reputation points Microsoft Employee
    2022-04-29T23:49:01.527+00:00

    Hi @Sundram Sontirkey

    Can you reset the VPN gateway and check if the issue gets fixed?

    If not, please check the MSS/MTU values configured (please note that you must clamp TCP MSS at 1350. Or if your on-premises VPN devices do not support MSS clamping, you can alternatively set the MTU on the tunnel interface to 1400 bytes instead).

    You can check the Azure VPN Gateway logs, paying special attention to the IKE logs:
    https://learn.microsoft.com/en-us/azure/vpn-gateway/troubleshoot-vpn-with-azure-diagnostics

    Thank you


  5. Rishabh mishra 156 Reputation points
    2022-05-24T13:33:45.353+00:00

    Hi @Sundarm090-4866

    Can you please share your on-premises VPN gateway vendor? Is it a policy-based VPN or route-based?

    Thanks
    Rish
