2 Azure servers on same virtual network need to use single site to site VPN

Daniel C. Mitchell 1 Reputation point
2022-06-24T20:54:29.82+00:00

I have two Azure servers on the same virtual network, say Test-vnet. I have a site to site VPN tunnel set up connecting to Test-vnet. One server has no issues connecting to devices on the other end of the site to site VPN, but the other will not connect or see the devices. From the non-Azure end of the site to site VPN, both servers can be pinged by IP.

Can someone assist with what we need to do so that both servers can utilize the same site to site VPN without issues?

Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.

5 answers

  1. Luis Rodriguez 6,221 Reputation points Microsoft Employee
    2022-06-24T22:56:59.783+00:00

    @Daniel C. Mitchell

    How are you testing the connection between both sides?
    Compare OS firewall settings on both servers and make sure that ICMP traffic is allowed if using ping.
    Are the servers placed in the same subnet?
    Check if NSG / route table settings are the same.
    If nothing works I would suggest taking network traces using the tool of your choice.

    I hope this helps!

    ----------

    Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    1 person found this answer helpful.

  2. Manu Philip 19,271 Reputation points MVP
    2022-06-24T21:23:40.51+00:00

    @Daniel C. Mitchell, check whether the route towards the gateway subnetwork is correctly configured on the VM where you have the connectivity issue. You would need to resolve that to connect the VM successfully.
    Run ip route from both of the VMs and do a comparison.

    If this is missing, add a route to the VM like: route ADD 10.0.0.0 MASK 255.255.255.240

    ----------

    --please don't forget to upvote and Accept as answer if the reply is helpful--


  3. Daniel C. Mitchell 1 Reputation point
    2022-06-24T21:46:28.987+00:00

    Checked the Route tables on both servers and they match. There is not a missing ip route on the server that is not connecting versus the one that is connecting.


  4. Daniel C. Mitchell 1 Reputation point
    2022-06-27T15:31:39.36+00:00

    We are testing using Ping and verified Ping from both servers to the other end and from the other end to both servers works. We are attempting to connect to an SQL server on the other end of the tunnel using ODBC and can from one server but not the other (using the exact same settings for both ODBC connections).

    Servers are on the same subnet and the NSG/Route table settings are the same.

    Server 1 - Can ping other end of VPN tunnel and ODBC connection works without issue

    Server 2 - Can ping other end of VPN tunnel but ODBC connection fails with server does not exist or access denied.

    Using the same server info and connection settings in both ODBCs, Server 1 will work while Server 2 does not.


  5. Daniel C. Mitchell 1 Reputation point
    2022-07-07T19:13:52.23+00:00

    Figured out the issue. Issue was on the other end of the VPN tunnel and their firewall settings.

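The symptom in this thread (ping works from both servers, ODBC works from only one) and its resolution (a firewall at the far end) are exactly what a TCP-level probe separates out. The following is an added example, not code from any poster: run from each Azure server, it reports the source address the far end will see and whether the handshake to the SQL port completes, is reset, or is silently dropped. It assumes IPv4 and the default SQL Server port 1433, which the thread does not state.

```python
import socket
import sys

SQL_PORT = 1433  # assumption: default SQL Server port; the thread never states it

VERDICTS = {
    "open": "TCP handshake completed; path is fine, check ODBC/login settings",
    "refused": "host replied with a reset; nothing listening or a reject rule",
    "filtered": "SYN got no reply; dropped on the path, typically a firewall rule",
    "unresolved": "name did not resolve; check DNS or test by IP address",
    "error": "local socket error; check this server's routes and firewall",
}

def source_ip_for(host, port=SQL_PORT):
    """Local address the OS would use towards host (UDP connect sends no packet)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((host, port))
        return s.getsockname()[0]

def probe_tcp(host, port=SQL_PORT, timeout=3.0):
    """Try a TCP handshake and return a key of VERDICTS."""
    try:
        family, kind, proto, _, addr = socket.getaddrinfo(
            host, port, socket.AF_INET, socket.SOCK_STREAM)[0]
    except socket.gaierror:
        return "unresolved"
    with socket.socket(family, kind, proto) as s:
        s.settimeout(timeout)
        try:
            s.connect(addr)
            return "open"
        except socket.timeout:
            return "filtered"   # ICMP can still pass while this TCP port is dropped
        except ConnectionRefusedError:
            return "refused"
        except OSError:
            return "error"

if __name__ == "__main__":
    # Constructed default target; pass the real far-end SQL server as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    result = probe_tcp(target)
    src = source_ip_for(target) if result != "unresolved" else "?"
    print(f"{src} -> {target}:{SQL_PORT}: {result} ({VERDICTS[result]})")
```

If one server reports "open" and the other "filtered", give the printed source address of the failing server to whoever manages the far-end firewall so they can compare it against their allow rules.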
