No outbound traffic to on-premises subnet

JUAN FERNANDO SILVA PEREZ 0 Reputation points
2024-08-15T02:04:20.2733333+00:00

Good day,

I have a problem with traffic that is not arriving from Azure Firewall or on-premises. I have the complete rules configured on the FW and I have also published the segment from the LNG, but even so, from a VM I cannot reach only that one specific segment; for the other segments, traffic is seen from the on-premises FW.

Rule configuration:

Traffic through Azure FW

Source: 10.220.234.5

Destination: 172.30.242.53

I checked whether there might be some traffic with action DENY, but nothing is configured that way.

I would sincerely appreciate your help and a prompt reply if anyone has run into this kind of situation.

Tags: Azure VPN Gateway, Azure Firewall, Azure Virtual Network

1 answer

  1. ChaitanyaNaykodi-MSFT 26,201 Reputation points Microsoft Employee
    2024-08-16T18:21:20.68+00:00

    @JUAN FERNANDO SILVA PEREZ

    Thank you for reaching out.

    Based on your question above, I understand that you are facing an issue while connecting to an on-prem subnet from a VM located in Azure, even though you have advertised the subnet in the LNG. The connectivity is working for other on-prem subnets, as you see the traffic in Azure Firewall and on-prem. You checked and found no issue with Azure Firewall.

    Based on my understanding above, I think the issue might be related either to an NSG present in the network or to a routing issue. You can follow the troubleshooting steps below to help find the cause.

    • You can use IP flow verify to test whether any NSG is blocking the connectivity.
    • Check the effective routes on the VM and see if the most specific route is present; you can use Network Watcher next hop to test which route is selected in this scenario.
    • As there is an Azure Firewall in the mix, it can also affect the routing; please check that the correct routes are present on the route table associated with your subnet.
    • If the above does not help, you can use the following method to isolate the issue between the three components:
      • Use Azure Firewall structured diagnostic logs to determine whether the traffic was allowed by the firewall.
      • Perform a packet capture on your VPN Gateway to determine whether the traffic was sent across by the VPN Gateway.
      • If you do not observe the return traffic in the packet capture above, then the issue might be with the on-prem set-up; check whether any on-prem firewall is blocking this connectivity.

    Please let me know if you have any additional questions. Thanks!

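Added example, not part of the answer above or of any Microsoft tool: a small Python script that applies Azure's effective-route selection (longest prefix first; on a tie, user-defined route over BGP route over system route) to a constructed route table in the shape of `az network nic show-effective-route-table -o json`, so you can see which next hop the question's source and destination get and why a more specific route for a single segment changes the outcome. Every prefix and next-hop address except 10.220.234.5 and 172.30.242.53 is an assumption.

```python
import ipaddress

# Constructed effective-route table for the Azure VM's NIC, in the shape
# `az network nic show-effective-route-table -o json` returns. Only the two
# addresses from the question are real; every prefix and next hop is made up.
EFFECTIVE_ROUTES = [
    {"addressPrefix": ["10.220.234.0/24"], "nextHopType": "VnetLocal",
     "nextHopIpAddress": [], "source": "Default", "state": "Active"},
    # On-prem ranges advertised by the LNG/BGP peer show up as gateway routes
    {"addressPrefix": ["172.30.0.0/16"], "nextHopType": "VirtualNetworkGateway",
     "nextHopIpAddress": ["10.220.255.4"], "source": "VirtualNetworkGateway", "state": "Active"},
    # A leftover, more specific UDR that black-holes just the failing segment
    {"addressPrefix": ["172.30.242.0/24"], "nextHopType": "None",
     "nextHopIpAddress": [], "source": "User", "state": "Active"},
    # Default route steering everything else through Azure Firewall
    {"addressPrefix": ["0.0.0.0/0"], "nextHopType": "VirtualAppliance",
     "nextHopIpAddress": ["10.220.250.4"], "source": "User", "state": "Active"},
]

# Azure picks the longest prefix; on a tie, user routes beat BGP, BGP beats system.
SOURCE_RANK = {"User": 2, "VirtualNetworkGateway": 1, "Default": 0}


def select_route(routes, dest_ip):
    """Return the effective route Azure would use to reach dest_ip, or None."""
    dest = ipaddress.ip_address(dest_ip)
    best, best_key = None, None
    for route in routes:
        if route["state"] != "Active":  # Invalid routes never carry traffic
            continue
        for prefix in route["addressPrefix"]:
            net = ipaddress.ip_network(prefix)
            if dest not in net:
                continue
            key = (net.prefixlen, SOURCE_RANK.get(route["source"], 0))
            if best_key is None or key > best_key:
                best, best_key = route, key
    return best


def diagnose(routes, src_ip, dest_ip):
    """Summarise the chosen next hop for src->dest, as Network Watcher next hop would."""
    route = select_route(routes, dest_ip)
    if route is None or route["nextHopType"] == "None":
        prefix = route["addressPrefix"][0] if route else "no route"
        return f"{src_ip} -> {dest_ip}: dropped ({prefix}, next hop None)"
    hop = route["nextHopIpAddress"][0] if route["nextHopIpAddress"] else route["nextHopType"]
    return f"{src_ip} -> {dest_ip}: via {route['addressPrefix'][0]} -> {hop} ({route['nextHopType']})"
```

Run `diagnose(EFFECTIVE_ROUTES, "10.220.234.5", "172.30.242.53")` against your real JSON (load it with `json.load`) and compare the result with what Network Watcher next hop reports; a mismatch points at a route you are not seeing.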
