Troubleshoot VPN virtual network gateways and connections using the Azure CLI
In this article, you learn how to use the Network Watcher VPN troubleshoot capability to diagnose VPN virtual network gateways and their connections, so that you can resolve connectivity issues between your virtual network and on-premises network. VPN troubleshoot requests are long-running requests that can take several minutes to return a result. The troubleshooting logs are stored in a container in the storage account that you specify.
The steps in this article run the Azure CLI commands interactively in Azure Cloud Shell. To run the commands in the Cloud Shell, select Open Cloud Shell at the upper-right corner of a code block. Select Copy to copy the code, and paste it into Cloud Shell to run it. You can also run the Cloud Shell from within the Azure portal.
You can also install Azure CLI locally to run the commands. If you run Azure CLI locally, sign in to Azure using the az login command.
Troubleshoot using an existing storage account
In this section, you learn how to troubleshoot a VPN virtual network gateway or a VPN connection using an existing storage account.
# Place the storage account ID into a variable.
storageId=$(az storage account show --name 'mystorageaccount' --resource-group 'myResourceGroup' --query 'id' --output tsv)

# Start VPN troubleshoot session.
az network watcher troubleshooting start --resource-group 'myResourceGroup' --resource 'myGateway' --resource-type 'vnetGateway' --storage-account "$storageId" --storage-path 'https://mystorageaccount.blob.core.windows.net/{containerName}'
# Place the storage account ID into a variable.
storageId=$(az storage account show --name 'mystorageaccount' --resource-group 'myResourceGroup' --query 'id' --output tsv)

# Start VPN troubleshoot session.
az network watcher troubleshooting start --resource-group 'myResourceGroup' --resource 'myConnection' --resource-type 'vpnConnection' --storage-account "$storageId" --storage-path 'https://mystorageaccount.blob.core.windows.net/{containerName}'
After the troubleshooting request is completed, Healthy or UnHealthy is returned with action text that provides general guidance on how to resolve the issue. If an action can be taken for the issue, a link is provided with more guidance.
Additionally, detailed logs are stored in the storage account container you specified in the previous command. For more information, see Log files. You can use Storage Explorer or any other method you prefer to access and download the logs. For more information, see Get started with Storage Explorer.
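A health gate built on the commands above, as an added example that is not part of the original article: it runs VPN troubleshoot for each resource and returns non-zero if any result is not Healthy. The function names and the RESOURCE_GROUP variable are hypothetical; `code` is the field of the command's JSON output that carries the Healthy or UnHealthy value.

```shell
#!/usr/bin/env bash
# Added example, not from the original article. Function names and the
# RESOURCE_GROUP variable are hypothetical; resource names are the
# article's placeholders.
: "${RESOURCE_GROUP:=myResourceGroup}"

# Run VPN troubleshoot for one resource and print only its health code.
# $1 resource name, $2 resource type (vnetGateway or vpnConnection),
# $3 storage account ID, $4 container URL that receives the logs.
vpn_health_code() {
  az network watcher troubleshooting start \
    --resource-group "$RESOURCE_GROUP" \
    --resource "$1" \
    --resource-type "$2" \
    --storage-account "$3" \
    --storage-path "$4" \
    --query 'code' --output tsv
}

# Check each "name:type" pair. Prints one tab-separated line per resource
# and returns 1 if any resource is not Healthy or the az call fails.
check_vpn_resources() {
  local storage_id="$1" storage_path="$2" failed=0 pair name rtype code
  shift 2
  for pair in "$@"; do
    name="${pair%%:*}"
    rtype="${pair##*:}"
    if ! code="$(vpn_health_code "$name" "$rtype" "$storage_id" "$storage_path")"; then
      code="Error"  # the request itself failed (auth, wrong name, timeout)
    fi
    printf '%s\t%s\t%s\n' "$rtype" "$name" "$code"
    [ "$code" = "Healthy" ] || failed=1
  done
  return "$failed"
}

# Usage (requires a signed-in Azure CLI):
#   storageId=$(az storage account show --name 'mystorageaccount' \
#     --resource-group 'myResourceGroup' --query 'id' --output tsv)
#   check_vpn_resources "$storageId" \
#     'https://mystorageaccount.blob.core.windows.net/vpn' \
#     'myGateway:vnetGateway' 'myConnection:vpnConnection'
```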
Troubleshoot using a new storage account
In this section, you learn how to troubleshoot a VPN virtual network gateway or a VPN connection using a new storage account.
# Create a new storage account.
az storage account create --name 'mystorageaccount' --resource-group 'myResourceGroup' --location 'eastus' --sku 'Standard_LRS'

# Get the storage account keys.
az storage account keys list --resource-group 'myResourceGroup' --account-name 'mystorageaccount'

# Create a container.
az storage container create --account-name 'mystorageaccount' --account-key {storageAccountKey} --name 'vpn'

# Start VPN troubleshoot session.
az network watcher troubleshooting start --resource-group 'myResourceGroup' --resource 'myConnection' --resource-type 'vpnConnection' --storage-account 'mystorageaccount' --storage-path 'https://mystorageaccount.blob.core.windows.net/vpn'
After the troubleshooting request is completed, Healthy or UnHealthy is returned with action text that provides general guidance on how to resolve the issue. If an action can be taken for the issue, a link is provided with more guidance.
Additionally, detailed logs are stored in the storage account container you specified in the previous command. For more information, see Log files. You can use Storage Explorer or any other method you prefer to access and download the logs. For more information, see Get started with Storage Explorer.