Unable to use the virtual network gateway from peered VNET via transit gateway

Ritesh Agrahari 1 Reputation point
2022-07-08T12:46:39.947+00:00

We have a hub-spoke VNet connection, and both are peered with transit gateway enabled on both sides. On the hub we have a Virtual network gateway, and on the spoke we have a VM which tries to connect to an instance outside Azure. Testing the connectivity to this instance from the Hub VNet/Subnet works fine, but from the spoke VNet/Subnet it fails to connect. From the spoke, however, I can connect successfully to a Hub VNet/Subnet virtual machine via the peering connection.

I suspect there is something with the NSG or Route Table. Please help/advise.

Appreciate quick response.


3 answers

  1. Tchimwa Sougang 941 Reputation points Microsoft Employee
    2022-07-08T14:14:56.363+00:00

    @Ritesh Agrahari Thank you for your question. I suspect the routing here. I believe you have a Site-to-Site VPN connection; make sure that on your on-premises VPN appliance (the other side you are connecting to Azure from) you have added the address space of the Spoke VNET, so that you have that route as well. You probably only have the address space of the Hub VNET but not the Spoke. Please add the Spoke address space on your VPN appliance.


  2. Rishabh mishra 156 Reputation points
    2022-07-18T12:09:28.413+00:00

    @Ritesh Agrahari Hi Ritesh, I think this may be due to the route table. Since you mentioned hub-spoke, can you please check if peering is enabled, and also, if you try a traceroute, see where the packet is getting dropped.


  3. Harshvir Bhati 26 Reputation points
    2022-12-14T17:48:52.437+00:00

    Hello,

    I have a similar issue. I am able to ping On-prem from the hub, and from the hub to the spoke. But when I try from the Spoke to On-prem, I cannot ping. I have allowed RDP and ICMP traffic in both Inbound and Outbound in the NSG and on the VM. GW transit on the Hub network is enabled but disabled on the Spoke network.

    Any suggestions?
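The two settings the answers above turn on are (a) gateway transit on the hub side of the peering together with "use remote gateways" on the spoke side, and (b) the spoke address space being known to the on-premises VPN appliance. The Az PowerShell script below, an added example and not code from the thread, checks the Azure side of both, flags the spoke-side mismatch described in the third answer, and prints the spoke prefixes that still have to be added on the on-prem appliance. All resource names are placeholders.

```powershell
# Added example: diagnose spoke -> on-prem failure through the hub VPN gateway.
# Assumed (placeholder) names; everything is in one resource group for brevity.
$rg         = 'rg-network'
$hubVnet    = 'vnet-hub'
$spokeVnet  = 'vnet-spoke'
$hubPeering = 'hub-to-spoke'    # peering object on the hub VNet
$spokePeer  = 'spoke-to-hub'    # peering object on the spoke VNet
$lngName    = 'lng-onprem'      # local network gateway describing on-prem prefixes
$spokeNic   = 'vm-spoke-nic'    # NIC of the spoke VM that cannot reach on-prem

# 1. Hub must allow gateway transit, spoke must use the hub's gateway.
$hub   = Get-AzVirtualNetworkPeering -ResourceGroupName $rg -VirtualNetworkName $hubVnet   -Name $hubPeering
$spoke = Get-AzVirtualNetworkPeering -ResourceGroupName $rg -VirtualNetworkName $spokeVnet -Name $spokePeer
"Hub   AllowGatewayTransit: $($hub.AllowGatewayTransit)  AllowForwardedTraffic: $($hub.AllowForwardedTraffic)"
"Spoke UseRemoteGateways  : $($spoke.UseRemoteGateways)  PeeringState: $($spoke.PeeringState)"
if ($hub.AllowGatewayTransit -and -not $spoke.UseRemoteGateways) {
    # Transit is on at the hub but the spoke never opted in: it learns no gateway routes.
    $spoke.UseRemoteGateways = $true
    Set-AzVirtualNetworkPeering -VirtualNetworkPeering $spoke | Out-Null
    'Enabled UseRemoteGateways on the spoke peering; re-run to verify routes.'
}

# 2. The spoke VM's effective routes should contain every on-prem prefix
#    (taken from the local network gateway) with next hop VirtualNetworkGateway.
#    The VM must be running for Get-AzEffectiveRouteTable to return data.
$onPrem = (Get-AzLocalNetworkGateway -ResourceGroupName $rg -Name $lngName).LocalNetworkAddressSpace.AddressPrefixes
$routes = Get-AzEffectiveRouteTable -ResourceGroupName $rg -NetworkInterfaceName $spokeNic
foreach ($prefix in $onPrem) {
    $hit = $routes | Where-Object { $_.AddressPrefix -contains $prefix -and $_.NextHopType -eq 'VirtualNetworkGateway' }
    if ($hit) { "OK      $prefix -> VirtualNetworkGateway (state $($hit.State))" }
    else      { "MISSING $prefix : no gateway route on $spokeNic (check peering / UDR)" }
}

# 3. Azure advertises the spoke prefixes over the tunnel, but the on-prem appliance
#    must also route them back (first answer). Print what has to exist there.
$spokePrefixes = (Get-AzVirtualNetwork -ResourceGroupName $rg -Name $spokeVnet).AddressSpace.AddressPrefixes
"Ensure the on-prem VPN appliance has routes / traffic selectors for: $($spokePrefixes -join ', ')"
```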

