question

yogeshgupta-2034 asked ricardosolisvillegas-4678 commented

Unable to connect to Azure VM using private IP after connecting Azure VPN

I have set up a Point-to-Site Virtual Network Gateway and installed the Azure VPN client on my local laptop. I am connected to the VPN and it shows the connection is successful.

But I am not able to connect to the Azure VM (SSH) via its private IP.

My Virtual Network Gateway and Azure VM are in the same VNet. In the Azure VM's NSG, I allowed inbound traffic for port 22 from the private IP range of the P2S configuration to the VM's private IP address.

Could someone help me out?

azure-vpn-gateway

ricardosolisvillegas-4678 answered

Hello @yogeshgupta-2034

Thank you for your post.

I am wondering whether, when you try to SSH to your VM, you get a timeout error or any other...

Also, I would like to ask some questions to get familiar with the issue.

- Did you SSH to this VM before, or is it the first time?
- Did you check the effective routes table for this VM?
- Do you have any NSG?
- Was this VPN configured for force or split tunneling?

Best Regards,

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


yogeshgupta-2034 answered ricardosolisvillegas-4678 commented

Thanks,

  • Yes, I was able to SSH to this VM before (earlier, SSH was allowed from anywhere for the VM).

  • Yes, I checked the effective route table for the VM. It appears correct to me. Do you want me to check anything specific?

  • Yes, I do have an NSG associated with the VM. In the NSG, inbound traffic is allowed for port 22 from the private IP range of the Point-To-Site configuration of the Virtual Network Gateway.

  • I just configured this VPN using Azure Virtual Network Gateway and Point-To-Site configuration. I don't see any option for force or split tunneling there.

Regards,




Many thanks.

Can I get a route print of your PC pls?
Did you change your SSH keys or any similar change?

BR,

ricardosolisvillegas-4678 ricardosolisvillegas-4678 ·

Also, did you check the listening ports on the remote VM?

BR,

yogeshgupta-2034 ricardosolisvillegas-4678 ·

Yes, the listening port is 22, which is opened from the private IP range of the Azure VPN P2S.

yogeshgupta-2034 ricardosolisvillegas-4678 ·

[Attached screenshots: 204339-screenshot-2022-05-22-at-123803-pm.png, 204268-screenshot-2022-05-22-at-123817-pm.png]
Attached the route from my local laptop after connecting the VPN. Also attached the details shown on Azure VPN client.

ricardosolisvillegas-4678 answered ricardosolisvillegas-4678 commented

Many thanks for your additional details.

I have seen that your routes are 10.9/16 as well as 172.16/16... Please correct me if I am mistaken on it.

Also, I noticed that you have some utun interfaces and, if I recall, those are for GlobalProtect for PA.

If you do a traceroute or ping... did you get to the remote VM?

BR,


Hello @yogeshgupta-2034

I hope you are doing fine.

Do you need further assistance on this concern?

Looking forward to your feedback,

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.



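The local route-table check discussed in the comments above (which interface a VM's private IP actually leaves through when more than one VPN client has installed routes), as an added example that is not part of the original thread. The routing table, interface names and VM addresses are constructed, and the parser assumes the abbreviated destination layout printed by macOS `netstat -rn -f inet`.

```python
import ipaddress

# Constructed sample in the layout of macOS `netstat -rn -f inet`; interface
# names and addresses are assumptions, not values from the thread's screenshots.
SAMPLE = """\
Destination        Gateway            Flags   Netif
default            192.168.1.1        UGScg   en0
10.9/16            172.16.0.2         UGSc    utun3
10.9.1/24          10.200.0.1         UGSc    utun2
172.16/16          172.16.0.2         UGSc    utun3
192.168.1          link#6             UCS     en0
"""

def parse_destination(dest):
    """Expand netstat's abbreviated destinations, e.g. '10.9/16' or '192.168.1'."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, bits = dest.partition("/")
    octets = addr.split(".")
    # No explicit mask: the prefix length is implied by the number of octets shown.
    prefix = int(bits) if bits else 8 * len(octets)
    full = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{full}/{prefix}", strict=False)

def parse_routes(text):
    """Return a list of (network, gateway, interface) tuples for IPv4 rows."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] == "Destination":
            continue
        try:
            net = parse_destination(fields[0])
        except ValueError:
            continue  # skip section titles and non-IPv4 rows
        routes.append((net, fields[1], fields[3]))
    return routes

def route_for(ip, routes):
    """Return the (network, gateway, interface) chosen by longest-prefix match."""
    target = ipaddress.ip_address(ip)
    matches = [r for r in routes if target in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

if __name__ == "__main__":
    routes = parse_routes(SAMPLE)
    for vm_ip in ("10.9.0.4", "10.9.1.4"):  # constructed VM private IPs
        net, gw, netif = route_for(vm_ip, routes)
        print(f"{vm_ip}: via {netif} ({net}, gateway {gw})")
```

In the constructed table, the second address is captured by a more specific /24 on a different tunnel interface, so SSH to it would never enter the P2S tunnel even though the VPN client reports a successful connection.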