Azure P2S and S2S Communication

Jonathan collin 0

Dear All,

I have setup a P2S VPN and S2S VPN both are working but I'm not able to communicate to my on premise system throw the S2S VPN

The address space of the local network gateway is 172.10.0.0/21 (so it's the same address network of my onpremise system)

The address space of the vnet is 10.0.0.0/11

The gateway subnet is 10.16.0.0/12

When I check the IP address of the P2S it's 172.0.0.2

I'm not verry aware about network... so if you have some information...

Thanks in advance

KapilAnanth-MSFT 46,016 Reputation points Microsoft Employee

2024-07-17T08:39:20.5666667+00:00
@Jonathan collin ,

From your statement,

Wrt, "I have deployed a VM on azure vnet I'm able to ping it from my local computer (P2S) and from my S2S windows server"

This means routing is fine from both the sides.

i.e, from Azure VM to P2SClient/OnPrem server

and also from P2SClient/OnPrem server to Azure VM

Wrt, "I think about network issue route are not defined in the VM"

This cannot be the case

If so, you will never be able to get a response back from the VM.

I agree with Andreas Baumgarten ,

If you are not able to ping from Azure VM to the P2SClient/OnPrem server, it could be because of the firewall in P2SClient/OnPrem server.

Instead of Pings, you can try using TCP/Telnet to port 3389 (RDP)

Chances are there this too is blocked

I would suggest you check with your IT/Network Admin if there are such Firewall rules in place.

Kindly let us know if this helps or you need further assistance on this issue.

Thanks,

Kapil

Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

1 answer

Andreas Baumgarten 110.2K Reputation points MVP

2024-07-15T20:32:48.6033333+00:00

Hi @Jonathan collin ,

if you have the same IP address range (overlapping IP address ranges) in Azure and in your on-premises network, connected via S2S you need to use NAT on Azure VPN Gateway: About NAT on Azure VPN Gateway

NAT on Azure VPN Gateway requires an VPN Gateway SKU VpnGw2/VpnGw2AZ or "higher".

The other option might be to change/modify the IP address range in Azure and make sure there is no overlapping IP address range.

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards

Andreas Baumgarten
Please sign in to rate this answer.
Jonathan collin 0 Reputation points

2024-07-15T20:55:40.45+00:00

Hello @Andreas Baumgarten ,

thanks for your reply, I have followed this tutorial https://www.youtube.com/watch?v=1Oht5W9Wn2w&ab_channel=vCloudBitsBytes to implement the S2S and they are no NAT functionnality...

I will check your solution and let you know :)

Andreas Baumgarten 110.2K Reputation points MVP

2024-07-15T22:38:12.67+00:00

Hi @Jonathan collin ,

i think I misread your network description in your question. Maybe NAT on VPN Gateway is not required. Sorry.

Just to be safe:

Your Azure vNet is 10.0.0.0/11 (the /11 is not common? Normally a 16 bit subnet mask is used for vNets)

Is there any reason why the vNet is defined that large? The video shows a 16-bit subnet mask for the Azure vNet.

Is there any reason why the VPN Gateway subnet is defined that large (10.16.0.0/12) ?

Microsoft recommends a 27 bit subnet mask (or greater) . There is no reason for using a larger subnet in my opinion.

In which subnet of the Azure vNet are your Azure resources, like VMs?

Your on-premises network IP address range is 172.10.0.0/21 like defined in the Azure Local Network gateway?

What IP address range is defined in the Point-to-site configuration of the Azure VPN gateway?

Overall your network configuration is a little bit confusing ;-) Sorry to say.

I would recommend to use the P2S and S2S configurations Microsoft is recommending:

Configure server settings for P2S VPN Gateway certificate authentication

Tutorial: Create a site-to-site VPN connection in the Azure portal

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards

Andreas Baumgarten

Jonathan collin 0 Reputation points

2024-07-16T08:03:44.23+00:00

Hello @Andreas Baumgarten ,

Let me check all your point (I'm a beginner in Azure and Network connectivity) :)

I keep you aware :)

Jonathan collin 0 Reputation points

2024-07-16T10:01:39.9866667+00:00

Hello @Andreas Baumgarten ,

I have deployed a VM on azure vnet I'm able to ping it from my local computer (P2S) and from my S2S windows server but not able to ping from my VM to S2S and P2S I think about network issue route are not defined in the VM. But route are define in the VPN P2S to go to 172.10.0.0/21 network...

Andreas Baumgarten 110.2K Reputation points MVP

2024-07-16T10:57:13.0766667+00:00

Hi @Jonathan collin ,

if you can ping the Azure VM from your computer via P2S connection this routing should be ok.

If you can't ping from Azure VM to your computer via P2S it's maybe blocked by the Firewall of your computer? Because the P2S routing seems to be ok.

If you can ping from your on-premises network to the Azure VM via "S2S connection this routing should be ok as well.

If you can't ping from Azure VM to the computer in your local network via S2S it's maybe blocked by the Firewall of the computer? Because the S2S routing seems to be ok as well.

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards

Andreas Baumgarten
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Azure P2S and S2S Communication

1 answer

Your answer