
Connecting Site-to-Site VPN on Azure via RRAS Help - Connected, but only 1 way ping

Need some expert advice.

I've set up a Site to Site VPN connection between Azure and my on premise setup by following the guides below.

The Remote and Routing Access Server (RRAS) runs on top of a Windows Server 2012 VM. A FW sits in front of the Internet, and routes all the traffic of a given public IP address to this RRAS server.

The RRAS server has a ROUTE ADD setting added to direct 10.100.0.0/17 traffic to itself as the GW.

A secondary VM maps this RRAS server as the GW. All connections worked, and the RRAS dialup is connected fine.

Now, my VM HyperV-Local1 is able to ping 10.100.0.4, same for my RRAS server. But my VM-1 on Azure is unable to ping/access back to my on-premise servers.

Overall setup diagram

View RRAS Setup Guide 1, View RRAS Setup Guide 2

OK, fixed the issue.

  1. Problem was I should not have added the route add for 10.100.0.0/17 to my RRAS server. The RRAS connection will insert that route by itself. Because there are 2 interfaces on the machine: (1) Ethernet, (2) the RRAS dialup. By manually inserting that route, it diverted traffic to the wrong interface.

  2. Remember to check and enable ICMPv4 on Windows Firewall on both sides (RRAS VM and Azure VM)!

  3. For other servers, they do not have to set their GW to the RRAS server. As long as you add a Route Add 10.100.0.0/17 to your RRAS server, that will do.

Some info on my setup environment:

  1. My on-premise firewall has a public IP mapped to my internal VM (RRAS server)
  2. Followed the guide on a new Windows Server 2012 setup without Remote Access installed.
  3. Ran the Azure PowerShell script as per the guide for VPN connection setup.
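
A read-only way to check points 1 and 2 of the fix on the RRAS server, as an added example that is not part of the original post. The prefix is the one from the post; the LAN adapter name `Ethernet` is an assumption and should be replaced with the actual alias.

```powershell
# Added example: read-only checks for the two causes named in the answer.
# Assumption: the LAN adapter on the RRAS server is called 'Ethernet'.
param(
    [string]$AzurePrefix = '10.100.0.0/17',   # Azure address space from the post
    [string]$LanAlias    = 'Ethernet'         # assumed LAN adapter name
)

# 1. List every route for the Azure prefix and the interface it is bound to.
$routes = @(Get-NetRoute -DestinationPrefix $AzurePrefix -ErrorAction SilentlyContinue)
if ($routes.Count -eq 0) {
    Write-Warning "No route for $AzurePrefix. Is the RRAS connection up?"
}
$routes | Sort-Object RouteMetric |
    Format-Table DestinationPrefix, NextHop, InterfaceAlias, RouteMetric, Protocol -AutoSize

# A route for the prefix bound to the LAN adapter is the manually added entry
# that sends Azure-bound traffic out of the wrong interface.
$onLan = @($routes | Where-Object { $_.InterfaceAlias -eq $LanAlias })
foreach ($r in $onLan) {
    Write-Warning ("{0} via {1} is bound to '{2}', not the RRAS interface." -f
        $r.DestinationPrefix, $r.NextHop, $r.InterfaceAlias)
}

# 2. List enabled inbound allow rules that cover ICMPv4 (ping).
$icmpRules = @(Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { ($_ | Get-NetFirewallPortFilter).Protocol -eq 'ICMPv4' })
if ($icmpRules.Count -eq 0) {
    Write-Warning 'No enabled inbound allow rule for ICMPv4; ping will be dropped.'
} else {
    $icmpRules | Format-Table DisplayName, Profile -AutoSize
}
```

The firewall part applies unchanged on the Azure VM; the route part is only meaningful on the RRAS server.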
