Azure VPN Client problem

Question

Azure VPN Client problem

Arkadiusz Olszewski 21

Jul 22, 2022, 5:10 AM

Hello, the problem is as follows. When connecting with the Azure VPN client, I can access the network at my office, but I cannot access Azure. what I mean by that. VPN is configured to Azure P2S directly. Movement to the office from Azura.
The problem is that, for example, a machine in azure 10.0.x.x having some service on IIS I can not access it either via RDP or via the www (to open a page that is on this page), what the strangest PING of this machine I can do and that's it.
I checked some windows updates, uninstalled, searched, tried and found nothing sensible to solve. The problem is that not all computers stop working. Let's say that it works without a problem on mine, but when an employee comes, it stops working after a few days or after a few months and I have to give him another vpn from the company 3 so that he can use the work tools on azure. Anyone have any idea what the problem could be?

KapilAnanth-MSFT 49,106 Reputation points Microsoft Employee

Jul 22, 2022, 12:32 PM
Hi @Arkadiusz Olszewski ,

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
Per my understanding, I believe you are using Azure P2S with Azure VPN Gateway and are unable to access resources in Azure (RDP and HTTP access).

But, however, you are able to Ping the machines in Azure.

The facts that ping works and the issue is not with every user(intermediate) indicate that there could be some OS-level firewall blocking the access to TCP/HTTP connections.

Can you please share the following?

Please check if the routes are advertised properly in an affected machine?

Let us know if there is any route table associated with the Gateway Subnet?

As David stated, it would be a good idea to deploy a test ResourceGroup and testVM and monitor the environment.

Please feel free to add your thoughts on this.

Thanks,
Kapil
Arkadiusz Olszewski 21 Reputation points

Jul 22, 2022, 12:45 PM

anonymous user-MSFT

1.yes, the routes on the computer with the problem are correct
2. as such, there is no route table associated with the gateway, only the routes for the S2S connection between the office and the azure are given
3. this is how we prepare such a test field.
we also tested firewalls at the ends, unfortunately it did not help. We also turned off all firewall rules to keep everything available, that didn't help either. I will let you know the test result was gone, but it's probably after the weekend. We also suspect that it is the fault of something on the end computer, but we have no idea what ... installing the system fixes the problem. But that's not a solution in the long run with 600 people
KapilAnanth-MSFT 49,106 Reputation points Microsoft Employee

Jul 25, 2022, 12:17 PM

Hi @Arkadiusz Olszewski ,

I see you have accepted the answer provided by @David Broggy .

Please let me know if you were able to isolate the cause of the problem.
Or if there are any other updates.

If not, as stated by @David Broggy , we might need to look into the logs from the Azure platform and OS.

Thanks,
Kapil

Accepted answer

1 additional answer

Your answer

KapilAnanth-MSFT 49,106 Reputation points Microsoft Employee

Jul 22, 2022, 12:32 PM

Hi @Arkadiusz Olszewski ,

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
Per my understanding, I believe you are using Azure P2S with Azure VPN Gateway and are unable to access resources in Azure (RDP and HTTP access).

But, however, you are able to Ping the machines in Azure.

The facts that ping works and the issue is not with every user(intermediate) indicate that there could be some OS-level firewall blocking the access to TCP/HTTP connections.

Can you please share the following?

Please check if the routes are advertised properly in an affected machine?

Let us know if there is any route table associated with the Gateway Subnet?

As David stated, it would be a good idea to deploy a test ResourceGroup and testVM and monitor the environment.

Please feel free to add your thoughts on this.

Thanks,
Kapil
Arkadiusz Olszewski 21 Reputation points

Jul 22, 2022, 12:45 PM

anonymous user-MSFT

1.yes, the routes on the computer with the problem are correct
2. as such, there is no route table associated with the gateway, only the routes for the S2S connection between the office and the azure are given
3. this is how we prepare such a test field.
we also tested firewalls at the ends, unfortunately it did not help. We also turned off all firewall rules to keep everything available, that didn't help either. I will let you know the test result was gone, but it's probably after the weekend. We also suspect that it is the fault of something on the end computer, but we have no idea what ... installing the system fixes the problem. But that's not a solution in the long run with 600 people
KapilAnanth-MSFT 49,106 Reputation points Microsoft Employee

Jul 25, 2022, 12:17 PM

Hi @Arkadiusz Olszewski ,

I see you have accepted the answer provided by @David Broggy .

Please let me know if you were able to isolate the cause of the problem.
Or if there are any other updates.

If not, as stated by @David Broggy , we might need to look into the logs from the Azure platform and OS.

Thanks,
Kapil

Answer 1

David Broggy 6,111 MVP

Jul 22, 2022, 5:23 AM

Hi Arkadiusz,
Are you using Azure Policy? Could something be getting pushed out to your resources based on the policy configuration?
Are your NSG access configurations looking like you expect?
I would suggest you create a 'baseline resource group' with 1 or more VMs and monitor for suspicious changes for that policy.
If that works then begin working towards other resource groups one at a time until you unearth the problem.
Good luck!

Arkadiusz Olszewski 21 Reputation points

Jul 22, 2022, 5:29 AM

The NSG rules and policy are correct. Something else is happening. I do not have any mechanism in the azur network that would cut P2S traffic.
the problem is not only in the Azure VPN client itself but also when configuring L2TP using the built-in windows client.
Only in the latter case, we connect the VPN first to the office and then to the azura.

The VPN set up in the P2P office works without any problems.
The problem only arises when working remotely using a VPN

The solution was 3 third-party software to use VPN

Answer 2

David Broggy 6,111 MVP

Jul 22, 2022, 9:43 PM

if it works with p2p but not remote vpn it's sounding like a routing and/or firewall problem.
some careful route tracing might be required.

AI Skills Fest

Share via

Azure VPN Client problem

1 additional answer

Your answer