Azure VPN Gateway and RRAS - Ping ip fails

Both sides show connected.

    PS C:\Users\Administrator.STUDY> Test-NetConnection 10.0.0.4 -InformationLevel Detailed
    WARNING: Ping to 10.0.0.4 failed with status: TimedOut
    ComputerName           : 10.0.0.4
    RemoteAddress          : 10.0.0.4
    NameResolutionResults  : 10.0.0.4
    InterfaceAlias         : Remote Router
    SourceAddress          : 169.254.0.35
    NetRoute (NextHop)     : 0.0.0.0
    PingSucceeded          : False
    PingReplyDetails (RTT) : 0 ms

I used the following link as a guide: https://charbelnemnom.com/create-site-to-site-vpn-between-azure-and-windows-rras-server/

Tags: windows-server-2019, azure-vpn-gateway

RDP connects to the VM across the tunnel using the public IP. This tells me the tunnel is up. I had to set up port forwarding for 3389 in the Netgear for this to work.


I am wrong. I stopped RRAS and my RDP connection stayed up. Makes sense now, because it is going through the internet and connecting to the NATed public IP address.


@RussellYoungs-1771 The ping does not look right. The source address seems to be 169.254.0.35, which might be the IP of the VPN tunnel itself, and the next hop is 0.0.0.0. Could you make sure that the ping is sourced from the right interface and that the routing is set up properly?

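The check the comment above asks for, as an added example that is not part of the thread or of the linked guide. It is run on the RRAS server. The Azure VNet prefix (10.0.0.0/24, inferred from the 10.0.0.4 target), the on-premises LAN address 192.168.1.10 and the site-to-site interface name AzureS2S are assumed placeholders; the cmdlets themselves (Find-NetRoute, Get-NetRoute, Get-VpnS2SInterface, Set-VpnS2SInterface) are the built-in NetTCPIP and RemoteAccess ones.

```powershell
# Added diagnostic for the RRAS side; not code from the thread or the linked guide.
# Hypothetical values, adjust to your environment:
$AzureTarget = '10.0.0.4'        # the VM the thread pings
$AzurePrefix = '10.0.0.0/24'     # ASSUMED Azure VNet address space behind the tunnel
$LanAddress  = '192.168.1.10'    # ASSUMED on-premises LAN address of the RRAS server
$S2SName     = 'AzureS2S'        # ASSUMED name of the RRAS site-to-site (demand-dial) interface

# 1. What does the host think the path to Azure is? Find-NetRoute returns the
#    source address it would pick and the route it matched. A 169.254.x.x source
#    with NextHop 0.0.0.0, as in the question, means the echo request leaves with
#    the RRAS link-local address, which the Azure side has no route back to.
$path = Find-NetRoute -RemoteIPAddress $AzureTarget
$path | Format-List IPAddress, InterfaceAlias, DestinationPrefix, NextHop, RouteMetric

$srcObj = $path | Where-Object { $_.PSObject.Properties.Name -contains 'IPAddress' }
if ($srcObj.IPAddress -like '169.254.*') {
    Write-Warning "Source $($srcObj.IPAddress) is link-local; Azure's local network gateway cannot reply to it."
}

# 2. Is there an explicit route for the Azure prefix, and does it point at the S2S interface?
$azRoute = Get-NetRoute -AddressFamily IPv4 -ErrorAction SilentlyContinue |
           Where-Object DestinationPrefix -eq $AzurePrefix
if (-not $azRoute) {
    Write-Warning "No route for $AzurePrefix; traffic to Azure follows the default route to the Netgear, not the tunnel."
} else {
    $azRoute | Format-Table DestinationPrefix, InterfaceAlias, NextHop, RouteMetric
}

# 3. RRAS's own view of the tunnel: connection state and the subnets it carries.
Get-VpnS2SInterface -Name $S2SName | Format-List Name, ConnectionState, Destination, IPv4Subnet

# 4. Ping with the source address pinned to the LAN address (ping.exe -S). If this
#    succeeds while the unpinned Test-NetConnection fails, the fault is source
#    selection and routing, not the tunnel itself.
ping.exe -n 3 -S $LanAddress $AzureTarget

# 5. Fix on the RRAS side: attach the Azure prefix to the demand-dial interface so
#    RRAS installs the route (metric 100 here) whenever the tunnel comes up.
#    Note that -IPv4Subnet replaces the whole list, so include every remote prefix.
# Set-VpnS2SInterface -Name $S2SName -IPv4Subnet "${AzurePrefix}:100"
```

Two things this script cannot see but that produce the same symptom: the Azure local network gateway must list the on-premises LAN prefix (the source subnet of the pinned ping) or Azure drops the return traffic, and a Windows VM in Azure does not answer ICMP echo until its own Windows Firewall rule for ICMPv4 is enabled, so test with a TCP port (Test-NetConnection -Port 3389) before concluding the tunnel carries nothing.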
RussellYoungs-1771 answered:

I ended up getting a second internet connection into my house with a Comcast gateway leased router that I turned into bridge mode and connected port 1 to my FortiGate 30E. The WAN IP address was passed correctly to the FortiGate WAN port. Configured the FortiGate with the Azure cookbook and set up fw lan to azurephase1. NAT enabled on the lan-to-wan fw rule for internet browsing to work properly.

Additionally, the virtual networks needed to be peered on Azure as well to reach the private addresses. Also removed address space from the second virtual network for the peering to work. I recommend a hardware VPN appliance, and FortiGate support was awesome!

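The peering step in the answer above, as an added example that is not the poster's own script. It does two things the answer describes only in passing: it refuses to peer while any address space overlaps (the reason the poster had to remove a prefix), and it creates the peering with gateway transit, which is what lets on-premises traffic arriving over the VPN gateway in the first VNet reach private addresses in the second. It requires the Az PowerShell module and an existing Connect-AzAccount session; the resource group, VNet names and on-premises prefix are assumed placeholders.

```powershell
# Added example, not code from the thread. Requires the Az module and a signed-in
# session (Connect-AzAccount). All names below are ASSUMED placeholders.
$ResourceGroup = 'rg-study'
$HubName       = 'vnet-hub'         # ASSUMED: the VNet that holds the VPN gateway
$SpokeName     = 'vnet-spoke'       # ASSUMED: the second VNet whose VMs must be reachable
$OnPremPrefix  = '192.168.1.0/24'   # ASSUMED: on-premises LAN behind the FortiGate

function Test-PrefixOverlap {
    # True if two IPv4 CIDR prefixes share at least one address. Integer math only
    # (no shift operators), so it behaves identically in PowerShell 5.1 and 7.
    param([string]$PrefixA, [string]$PrefixB)
    $range = {
        param([string]$Prefix)
        $ip, $len = $Prefix.Split('/')
        $bytes = [System.Net.IPAddress]::Parse($ip).GetAddressBytes()
        [Array]::Reverse($bytes)                                # BitConverter is little-endian
        $addr  = [uint64][BitConverter]::ToUInt32($bytes, 0)
        $size  = [uint64][math]::Pow(2, 32 - [int]$len)         # number of addresses in the block
        $start = $addr - ($addr % $size)                        # network address
        [pscustomobject]@{ Start = $start; End = $start + $size - 1 }
    }
    $a = & $range $PrefixA
    $b = & $range $PrefixB
    return ($a.Start -le $b.End) -and ($b.Start -le $a.End)
}

$hub   = Get-AzVirtualNetwork -Name $HubName   -ResourceGroupName $ResourceGroup
$spoke = Get-AzVirtualNetwork -Name $SpokeName -ResourceGroupName $ResourceGroup

# Azure rejects a peering whose address spaces overlap, and the tunnel cannot carry
# an on-prem prefix that collides with either VNet, so check every pair first.
$spokeAndOnPrem = @($spoke.AddressSpace.AddressPrefixes) + $OnPremPrefix
foreach ($p1 in $hub.AddressSpace.AddressPrefixes) {
    foreach ($p2 in $spokeAndOnPrem) {
        if (Test-PrefixOverlap $p1 $p2) { throw "Overlap: hub $p1 vs $p2. Remove or renumber before peering." }
    }
}
foreach ($p in $spoke.AddressSpace.AddressPrefixes) {
    if (Test-PrefixOverlap $p $OnPremPrefix) { throw "Overlap: spoke $p vs on-prem $OnPremPrefix." }
}

# Hub side offers its VPN gateway to the spoke; spoke side agrees to use it.
# Without this pair, peering only connects hub<->spoke, and packets arriving from
# on-prem over the gateway are never forwarded into the spoke.
Add-AzVirtualNetworkPeering -Name 'hub-to-spoke' -VirtualNetwork $hub -RemoteVirtualNetworkId $spoke.Id `
    -AllowForwardedTraffic -AllowGatewayTransit
Add-AzVirtualNetworkPeering -Name 'spoke-to-hub' -VirtualNetwork $spoke -RemoteVirtualNetworkId $hub.Id `
    -AllowForwardedTraffic -UseRemoteGateways
```

The on-premises side has to match: the FortiGate's phase 2 selectors (and, on an RRAS setup, the routes attached to the demand-dial interface) must include the spoke prefix as well as the hub prefix, otherwise the tunnel will only ever carry traffic for the VNet that owns the gateway.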

RussellYoungs-1771 answered:

I have a Netgear Comcast router, and under Advanced > WAN Setup there is a setting that needed to be checked for the ping to partially work. The setting is called Respond to Ping on Internet Port. Before it was checked I could only ping as far as the Comcast gateway, and now I can ping the public IP address that I use as the tunnel IP for on premise.

I suspect it might be my Netgear firewall blocking ping requests. But it is a tunnel, and that should go through.
