SimonSkelton-6324 asked

Azure VPN can connect to backend when using AD authentication but not with IKEv2

Good day, I have set up Azure VPN P2S using Active Directory authentication and this works; I can connect to the VMs in the backend using the private IP. But now I found out that some of the users have Apple devices and macOS doesn't support this, so I changed the authentication to use IKEv2 and installed the root cert and client certs. I can connect to the Azure VPN fine, and I get the correct routes showing, including the correct routes to the peered VNet, but yet I cannot connect to or ping any of the VMs at all. At first I thought this could be a peering issue between the VNets; however, I created a VM in the default subnet of the VNet hosting the VPN gateway and still I could not connect. If I connect 2 clients to the VPN, I can ping each client from one of the clients. I'm certain this is a routing issue, but it makes no sense as the routes are showing up.

azure-vpn-gateway

I have attached an image of the route table on the client machine after connecting to the VPN.

routes.png (331.8 KiB)

1 Answer

SimonSkelton-6324 answered

So I pulled an absolute noob move and had an overlapping IP range between the VNet and the VPN client IP range,

because 10.0.50.0/24 fits into my VNet range of 10.0.0.0/16.

Changed the range and solved the problem.
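
A check for the overlap described in this answer, as an added example that is not part of the original post: it compares a P2S client address pool against every VNet address space the gateway routes to and suggests the first non-overlapping pool from a candidate block. The 10.0.50.0/24 pool and 10.0.0.0/16 VNet range come from the answer; the peered VNet range, the names, and the candidate block are constructed values.

```python
import ipaddress

# 10.0.0.0/16 is the VNet range from the answer; the peered range is constructed.
ADDRESS_SPACES = {
    "gateway-vnet": "10.0.0.0/16",
    "peered-vnet": "10.1.0.0/16",
}


def pool_conflicts(client_pool, address_spaces):
    """Return (name, cidr, relation) for each address space overlapping the pool."""
    pool = ipaddress.ip_network(client_pool, strict=True)
    conflicts = []
    for name, cidr in address_spaces.items():
        net = ipaddress.ip_network(cidr, strict=True)
        # CIDR blocks never partially overlap: they are disjoint or nested.
        if pool.version != net.version or not pool.overlaps(net):
            continue
        if pool == net:
            relation = "identical"
        elif pool.subnet_of(net):
            relation = "pool inside address space"
        else:
            relation = "address space inside pool"
        conflicts.append((name, cidr, relation))
    return conflicts


def first_free_pool(candidate_block, prefixlen, address_spaces):
    """First subnet of candidate_block (given prefix length) overlapping nothing."""
    used = [ipaddress.ip_network(c) for c in address_spaces.values()]
    block = ipaddress.ip_network(candidate_block)
    for cand in block.subnets(new_prefix=prefixlen):
        if not any(cand.version == u.version and cand.overlaps(u) for u in used):
            return str(cand)
    return None


if __name__ == "__main__":
    # The pool from the answer sits inside the gateway VNet range.
    for name, cidr, relation in pool_conflicts("10.0.50.0/24", ADDRESS_SPACES):
        print(f"conflict with {name} ({cidr}): {relation}")
    # Constructed candidate block to pick a replacement pool from.
    print("suggested pool:", first_free_pool("10.0.0.0/14", 24, ADDRESS_SPACES))
```
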
