Share via

Connected to P2S VPN Gateway, but unable to reach resource in different subnet

Kent Taylor 1 Reputation point
2020-10-27T17:55:25.617+00:00

Good afternoon,

We have just set up a VPN Gateway (SKU: VpnGw1) using IKEv2 + OpenVPN tunnel types. Given a network of 10.0.0.0/16, the VPN gateway resides in the subnet 10.0.4.0/24. The client is able to connect to the VPN gateway and receive an IPv4 address in 10.1.0.0/16, but the client is unable to ping nor ssh into a server on 10.0.0.0/24. I have tried removing the Network Security Group assigned to both the subnet 10.0.0.0/24 as well as the server's NIC to no avail. I did download the latest VPN config from the P2S setup page, and the settings files do contain 10.0.0.0/16 as the only route.

How do we enable client connectivity with hosts in the 10.0.0.0/24 subnet from the 10.1.0.0/16 client pool?

EDIT: Active-to-active mode and BGP are both disabled to clarify

Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,543 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. GitaraniSharma-MSFT 49,616 Reputation points Microsoft Employee
    2020-10-28T14:14:13.85+00:00

    Hello @Kent Taylor ,

    Once connected to Azure Point to site VPN, the VPN client should get the routes from Azure VPN gateway, which are stored in this path - C:\Users\UserName\AppData\Roaming\Microsoft\Network\Connections\cm\<VirtualNetworkId\routes.txt. In your case, even though the client is getting connected, the VPN client is not getting the Vnet routes and that is the reason you are unable to access the subnets and resources in your Vnet.

    I would recommend you to follow the below steps:

    1. Reset the VPN gateway
    2. Un-install the VPN client from your machine by removing the VPN client from network adapters (Network connections).
    3. Re-download the VPN client from Azure portal.
    4. Re-install the VPN client on your machine and try again.

    Please refer the below article for more information on troubleshooting Azure P2S VPN connection issues:
    https://zcusa.951200.xyz/en-us/azure/vpn-gateway/vpn-gateway-troubleshoot-vpn-point-to-site-connection-problems#the-point-to-site-vpn-connection-is-established-but-you-still-cannot-connect-to-azure-resources

    Hope this helps!

    Kindly let us know if the above helps or you need further assistance on this issue.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.