Not able to establish BGP peering with Active Active VPN GW using APIPA IP with on-prem

Shaileshkumar Beldar 1 Reputation point
2022-08-04T16:31:24.107+00:00

Hello All,

I am trying to establish an active-active connection with our two on-prem sites (both have a Palo Alto firewall as the VPN connection endpoint). For one site the VPN tunnel is coming up and actively exchanging routes, but for the other site the tunnel is not coming up. I am using the APIPA IP range 169.254.21.0/30 for site-A and 169.254.21.4/30 for site-B. I am using the primary public IP for site-A and the secondary for site-B. I have also tried the primary for both sites, but it didn't work. I have also tried 10.x.x.x/30 ranges for both tunnels, but with 10.x.x.x/30 IPs BGP peering does not come up for either tunnel. I have also tried various other combinations, but none of them work, so I am not sure where exactly I am making a mistake. Can somebody please help me with it? Please let me know if you need more information.

Regards,
Shailesh

Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.

1 answer

  1. Shaileshkumar Beldar 1 Reputation point
    2022-08-08T14:56:46.443+00:00

    Hello anonymous user-MSFT

    I am so sorry for my late response. I was trying to get the tunnels up with your instructions. I tried the following possible solutions, but had no success:

    - Used an active-passive VPN GW with two local network GWs and an Azure connection (one per site), connecting to the public IP of the VPN GW from both on-prem sites (used 10.x.x.x/30 IPs for BGP peering): Failed
    - Used an active-passive VPN GW with two local network GWs and an Azure connection (one per site), connecting to the public IP of the VPN GW from both on-prem sites (used 169.254.21.x/30 and 169.254.22.x/30 IPs for BGP peering): Failed
    - Used an active-active VPN GW with two local network GWs and an Azure connection (one per site), connecting to the primary public IP of the VPN GW from both on-prem sites (used 10.x.x.x/30 IPs for BGP peering): Failed
    - Used an active-active VPN GW with two local network GWs and an Azure connection (one per site), connecting the primary public IP of the VPN GW to site-A and the secondary to site-B from the on-prem sites (used 10.x.x.x/30 IPs for BGP peering): Failed
    - Used an active-active VPN GW with two local network GWs and an Azure connection (one per site), connecting to the primary public IP of the VPN GW from the on-prem sites (used 169.254.21.x/30 and 169.254.22.x/30 IPs for BGP peering): Failed
    - Used an active-active VPN GW with two local network GWs and an Azure connection (one per site), connecting the primary public IP of the VPN GW to site-A and the secondary to site-B from the on-prem sites (used 169.254.21.x/30 and 169.254.22.x/30 IPs for BGP peering): Failed

    Please note: the tunnel with site-A is UP and running absolutely fine, but the tunnel with site-B is not coming up. I can see traffic from the 169.254.x.x IPs for site-B on my Palo Alto, but the tunnel is not coming up. Below is a screenshot of the communication I can see on my Palo Alto. Any comment on it?

    [Screenshot 229140-image.png: Palo Alto traffic log for the site-B tunnel; image not included]

    Thank you very much for the help :-)
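An added example (not code from the thread, from Microsoft, or from Palo Alto) that checks a two-site BGP peering plan like the one above against the APIPA addressing rule for Azure VPN Gateway: the gateway's own custom BGP addresses must come from 169.254.21.0/24 or 169.254.22.0/24, while the on-prem peer only needs to be a distinct link-local address. The `Tunnel` class, `check_plan` function and the sample addresses are assumptions constructed from the question's 169.254.21.0/30, 169.254.21.4/30 and 10.x.x.x/30 attempts.

```python
import ipaddress
from dataclasses import dataclass

# Ranges Azure VPN Gateway accepts for its own custom (APIPA) BGP peering addresses.
AZURE_APIPA_RANGES = [
    ipaddress.ip_network("169.254.21.0/24"),
    ipaddress.ip_network("169.254.22.0/24"),
]
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")


@dataclass
class Tunnel:
    site: str
    azure_bgp_ip: str   # custom BGP address on the gateway instance terminating this tunnel
    onprem_bgp_ip: str  # BGP peer address configured on the local network gateway / firewall


def check_plan(tunnels):
    """Return a list of problems found in the plan; an empty list means every check passed."""
    problems = []
    onprem_seen = {}
    for t in tunnels:
        azure = ipaddress.ip_address(t.azure_bgp_ip)
        onprem = ipaddress.ip_address(t.onprem_bgp_ip)
        if not any(azure in r for r in AZURE_APIPA_RANGES):
            problems.append(f"{t.site}: Azure-side BGP address {azure} is outside 169.254.21.0/24 and 169.254.22.0/24")
        if onprem not in LINK_LOCAL:
            problems.append(f"{t.site}: on-prem APIPA peer {onprem} is not in 169.254.0.0/16")
        if azure == onprem:
            problems.append(f"{t.site}: Azure and on-prem peers share the address {azure}")
        if onprem in onprem_seen and onprem_seen[onprem] != t.site:
            problems.append(f"{t.site}: on-prem peer {onprem} is already used by {onprem_seen[onprem]}")
        onprem_seen[onprem] = t.site
    return problems


# Constructed sample: the APIPA layout from the question (site-A 169.254.21.0/30, site-B 169.254.21.4/30).
APIPA_PLAN = [
    Tunnel("site-A", "169.254.21.1", "169.254.21.2"),
    Tunnel("site-B", "169.254.21.5", "169.254.21.6"),
]
# Constructed sample: the 10.x.x.x/30 variant the question also tried (addresses made up for illustration).
PRIVATE_PLAN = [
    Tunnel("site-A", "10.255.0.1", "10.255.0.2"),
    Tunnel("site-B", "10.255.0.5", "10.255.0.6"),
]

if __name__ == "__main__":
    for name, plan in (("APIPA plan", APIPA_PLAN), ("10.x plan", PRIVATE_PLAN)):
        print(name, "->", check_plan(plan) or "no problems found")
```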

