Azure VPN can connect to backend when using AD authentication but not with IKEv2

Question

question

SimonSkelton-6324 asked Mar 24, '21 SimonSkelton-6324 answered Mar 24, '21

Azure VPN can connect to backend when using AD authentication but not with IKEv2

Good day, I have setup Azure VPN P2S using Active directory authentication and this works, I can connect to the VM's in the backend using the private IP. But now I found out that some of the users have Apple devices and the mac OS doesnt support this. so I changed the Authentication to use IKEv2 and installed the Root Cert and Client Certs. I can connect to the Azure VPN fine, I get the correct routes showing the correct routes to the peered Vnet but yet I cannot connect or ping any of the VM's at all, at first I thought this could be a peering issue between the Vnets, however I created a VM in the default Subnet of the Vnet hosting the VPN gateway and still I could not connect, if I connect 2 clients to the VPN I can ping each client from one of the clients. I'm certain this is a routing issue, but it makes no sense as the routes are showing up.

azure-vpn-gateway

· 1

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SimonSkelton-6324 · Mar 24, 2021 at 08:25 AM

I have attached an image of the route table on the client machine after connecting to the VPN

0 ·

routes.png (331.8 KiB)

Answer 1 · 2021-03-24T14:37:12.133Z

SimonSkelton-6324 answered Mar 24, '21

So I pulled an absolute noob move and had an overlapping IP range between the Vnet and the VPN client IP Range

cause 10.0.50.0/24 fits into my Vnet range of 10.0.0.0/16

changed the range and solved the problem

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

question