This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I am new(ish) to Azure networking and could use some input / direction.
Goal: I have a small network of VMs in a datacenter that I would like to join to my Azure Active Directory Domain Services.
Current Setup:
datacenter: Meraki MX84 acting as firewall, VM setup as DNS server for local network
Azure:
resource group:
vnet1
address space: 172.16.0.0/16
subnet: default - 172.16.0.0/24
subnet: gateway - 172.16.1.0/24
Gateway
Site-to-site VPN to datacenter meraki (actively connected successfully)
AAD DS with IPs: 172.16.0.4 & 172.16.0.5 attached to subnet default with a NSG with default rules from Azure.
S2S VPN is setup and connected between Meraki MX84 and above Azure gateway.
I can't get any of the datacenter VMs to talk to the AAD DS.
When I created the VPN on the Meraki side, the Meraki auto created a route in it's route table of 172.16.1.0/24 through the VPN.
Any help would be much appreciated.
Thanks again for your responses. I got the VPN tunnel working correctly by adding a route table in Azure to the Gateway and AAD DS subnets.
@Jason ,
Thanks for the confirmation.
Happy that you were able to overcome above issue. Once again thank you for leveraging Microsoft community forum.
Hello @Jason ,
Thanks for reaching out.
You can use Azure ADDS to manage your on-premise workstations provided you have a Site-to-Site VPN connection between on-prem and Azure.
Since there are many components involved in this scenario, so just to isolate the issue, I would recommend you to create a new test VM in the same VNet where Azure ADDS is provision and see Azure VM can talk to the AAD DS without any issue? if doesn't work then we need to fix that in first place.
As you design the virtual network for Azure AD DS, the following considerations apply:
For more information,read Azure virtual network design and Using virtual private networking, Configure a (Site-to-Site (IPsec) by using the Azure portal.
------------------------------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Hi sikumars, thanks for the response.
I created a VM in the same vnet as the AAD DS.
AAD DS 172.16.0.4 & .5
Test VM: 172.16.0.6
Test VM can ping and connect to AAD DS no issue.
I am still unable to reach the AAD DS or the test VM from the on prem network through the Gateway VPN.
I have also created a P2S VPN in the same gateway, and I am also unable to connect to the test VM or AAD DS from the P2S VPN.
I have the Gateway in it's own vnet now, with vnet peering and gateway transit enabled. Gateway subnet is 172.15.0.0/16
Side note: I have multiple vnets in Azure with vnet peering to the AAD DS vnet and all of those VMs are successfully connecting to AAD DS just fine.
Any other thoughts or suggestions of how to test or where to look?
Hello @Jason ,
You have mentioned "Site-to-site VPN to datacenter meraki (actively connected successfully)" but you also mentioned that you are unable to reach the AAD DS or the test VM from the on prem network through the Gateway VPN. So I have the below questions:
Thanks,
Gita