Hi all, I too have this issue. Everything is working great apart from being unable to access the nested VM from the on-prem network over the S2S VPN. I can ping on-prem from within the nested VM but cannot ping from on-prem to the nested VM. Any help on pointers to the NAT rule required would be a huge help. Thanks
On-prem network access to Azure nested VM via site-to-site VPN
Azure VM with nested Hyper-V VM.
Site-to-site VPN established between on-prem network and Azure.
Nested VM can access the internet, the Azure VM, and the on-prem network.
The Azure VM can communicate with the nested VM.
On-prem can access the Azure VM but cannot access the nested VM.
Configured the nested VM per: https://learn.microsoft.com/en-us/azure/virtual-machines/windows/nested-virtualization
Tried some other RRAS and NAT configurations found online, to no avail.
However, we must be able to hit the nested VM from the on-prem network via the site-to-site VPN.
Please advise.
3 answers
-
NWR 1 Reputation point
2020-08-25T15:44:30.62+00:00
Hi Gita,
Thank you for the reply. I guess I was wondering if I absolutely need 2 NICs on the Hyper-V host along with adding RRAS with the manual routes and NATs, just to get to the guest VM via the NAT. However, allow me to review the Petri solution and I'll reply soon.
-
GitaraniSharma-MSFT 48,006 Reputation points Microsoft Employee
2020-08-20T02:15:14.253+00:00
Hello @NWR,
By default, there is no inbound access from the Azure VNet to the VMs on the Hyper-V VM. In order to bridge the VMs on the Hyper-V VM to the Azure VNet, port forwarding on the Hyper-V VM's virtual switch is required. Hence creating a NAT rule will make it work.
Please refer to: https://petri.com/create-nat-rules-hyper-v-nat-virtual-switch
AFAIK, this network design is apt.
Kindly let us know if you need any further assistance on this issue from our end.
----------------------------------------------------------------------------------------------------------------
Please don’t forget to "Accept the answer" wherever the information provided helps you, this can be beneficial to other community members.
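The NAT rule the answer refers to, as an added example that is not part of the original thread or the linked article: it forwards a single TCP port on the Hyper-V host to the nested VM and limits the host firewall rule to the on-prem range. The nested VM address, on-prem prefix, port numbers and rule name are constructed values to be replaced with your own. A static mapping forwards one TCP or UDP port only, so it does not make the nested VM answer ping from on-prem.

```powershell
# Run elevated on the Azure Hyper-V host. All values below are constructed samples.
$NestedVmIp   = '192.168.0.10'    # assumed address of the nested VM behind the NAT switch
$OnPremPrefix = '10.10.0.0/16'    # assumed on-prem address space reachable over the S2S VPN
$ExternalPort = 53389             # port on-prem clients connect to on the host's VNet IP
$InternalPort = 3389              # service port on the nested VM (RDP here)
$RuleName     = 'NestedVM-RDP-from-OnPrem'   # hypothetical firewall rule name

# Use the NAT object that already exists on the host (created during nested-virt setup).
$nat = Get-NetNat | Select-Object -First 1
if (-not $nat) { throw 'No NetNat object found on this host; create the NAT network first.' }

# Add the port-forwarding rule only if that external port is not already mapped.
$existing = Get-NetNatStaticMapping -NatName $nat.Name -ErrorAction SilentlyContinue |
    Where-Object { $_.ExternalPort -eq $ExternalPort -and $_.Protocol -eq 'TCP' }
if (-not $existing) {
    Add-NetNatStaticMapping -NatName $nat.Name -Protocol TCP `
        -ExternalIPAddress '0.0.0.0' -ExternalPort $ExternalPort `
        -InternalIPAddress $NestedVmIp -InternalPort $InternalPort | Out-Null
}

# 0.0.0.0 listens on every host address, so restrict who may reach the port:
# allow it on the host firewall from the on-prem prefix only, not from Any.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $ExternalPort -RemoteAddress $OnPremPrefix | Out-Null
}

# Show what is now exposed so the mapping can be reviewed and later removed.
Get-NetNatStaticMapping -NatName $nat.Name |
    Format-Table StaticMappingID, Protocol, ExternalPort, InternalIPAddress, InternalPort

# From an on-prem machine, verify with (host VNet IP is a placeholder):
#   Test-NetConnection -ComputerName <host-private-ip> -Port 53389
```

Any network security group on the host's subnet or NIC must also allow the external port from the on-prem range; keep that rule as narrow as the firewall rule above.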