RedMatterArchitect-4825 asked RedMatterArchitect-4825 answered

OnPrem connectivity issues when using Site to Site VPN Gateway

Hi All,

I recently created a VPN gateway under my vnet which has an address space of 11.1.0.0/16. However, I am using the Site to Site VPN setting to connect to my OnPrem resources, which have the following address space.

10.0.0.0/24
177.16.120.0/21
192.168.3.0/24

Now my issue is that I can connect to my OnPrem machines which fall in the 177 and 192 series, but I CAN'T CONNECT to any resource in my onprem environment which falls in the 10.0.0.XX series, like 10.0.0.26.

azure-vpn-gateway

@RedMatterArchitect-4825 Thank you for reaching out to Microsoft Q&A. Firstly, I apologize for the delay in response to your question.

I understand that you are facing connectivity issues to one of the address ranges on your on-premise i.e., 10.0.0.0/24. Can you share more details/snapshots of your route table on the Azure side subnet? Can you also confirm if there are any security rules on the on-premise blocking access to this 10/24 network? Are there any conflicting routes on Azure with the same/similar subnet? Please let us know. Thank you!


Hello Sai,

Thanks for replying. We have not created any route tables explicitly for the on-prem connectivity. Also, there is no IP range that conflicts with the 10.0.0.0/24 subnet series. I am checking with my IT Manager for any inbound rules, but just to let you know that none of my onPrem machines are able to connect to Azure as well. So the VPN tunnel (Site to Site connectivity is up and running) is only not able to talk for this specific series. Hence, are there any internal Azure restrictions for this particular subnet series?

SaiKishor-MSFT replied to RedMatterArchitect-4825

@RedMatterArchitect-4825 There are no restrictions for this specific subnet on Azure cloud as such. I understand that you did not create a route table explicitly, but can you share a snapshot or copy/paste the routes in the subnet's route table so I can take a look?

RedMatterArchitect-4825 answered SaiKishor-MSFT commented

Hey Sai,

Sorry, I got busy, but below is the screenshot from my subnet.

[Screenshot: 107053-image.png]




@RedMatterArchitect-4825 This is a snapshot of the subnet itself. It's useful to see the actual routes associated to the subnet. Can you provide those?

RedMatterArchitect-4825 answered SaiKishor-MSFT commented

Can you please help as to where I can find it by giving me the direction, so that I can share the right information with you? When I search for route tables, nothing shows up, as I have not configured any routes.


@RedMatterArchitect-4825 Please check the steps given here in the document to find the effective routes for the NIC of the VM from which you are testing connectivity. Please share the snapshot of the effective route table. Thank you!


RedMatterArchitect-4825 answered SaiKishor-MSFT commented

[Screenshot: 110253-image.png]




@RedMatterArchitect-4825 Routing looks good i.e., I can see a route for the 10.0.0.0/24 network and this route will be used for 10/24 network as the longest prefix matches to this one. Have you performed any traffic captures on the on-premise side to see if the traffic reaches the on-premise side? If not, I will start there and check if traffic is reaching or not.
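The longest-prefix selection described in the comment above, as an added example that is not part of the original thread. The route table is constructed from the prefixes quoted in the question plus Azure's default system routes (the poster's screenshot is not reproduced on this page), and `matching_routes` and `select_route` are hypothetical helper names.

```python
import ipaddress

# Constructed effective-route table for a NIC in the 11.1.0.0/16 VNet.
# On-premises prefixes are the ones quoted in the question; the other rows are
# Azure's default system routes. Assumption: this mirrors the poster's table.
EFFECTIVE_ROUTES = [
    # (source, address prefix, next hop type)
    ("Default", "11.1.0.0/16", "VnetLocal"),
    ("VirtualNetworkGateway", "10.0.0.0/24", "VirtualNetworkGateway"),
    ("VirtualNetworkGateway", "177.16.120.0/21", "VirtualNetworkGateway"),
    ("VirtualNetworkGateway", "192.168.3.0/24", "VirtualNetworkGateway"),
    ("Default", "0.0.0.0/0", "Internet"),
    ("Default", "10.0.0.0/8", "None"),
    ("Default", "172.16.0.0/12", "None"),
    ("Default", "192.168.0.0/16", "None"),
    ("Default", "100.64.0.0/10", "None"),
]

# Tie-break for identical prefixes: user-defined routes beat
# gateway-propagated routes, which beat system defaults.
SOURCE_PRIORITY = {"User": 0, "VirtualNetworkGateway": 1, "Default": 2}


def matching_routes(dest, routes=EFFECTIVE_ROUTES):
    """Return every route whose prefix contains dest, best match first."""
    addr = ipaddress.ip_address(dest)
    hits = []
    for source, prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            hits.append((net.prefixlen, source, prefix, next_hop))
    # Longest prefix wins; equal prefixes fall back to source priority.
    hits.sort(key=lambda h: (-h[0], SOURCE_PRIORITY[h[1]]))
    return [(source, prefix, next_hop) for _, source, prefix, next_hop in hits]


def select_route(dest, routes=EFFECTIVE_ROUTES):
    """Return the single route Azure would use for dest, or None."""
    hits = matching_routes(dest, routes)
    return hits[0] if hits else None


if __name__ == "__main__":
    for dest in ("10.0.0.26", "10.0.1.5", "177.16.121.4", "192.168.3.10"):
        print(dest, "->", select_route(dest))
```

With this table, 10.0.0.26 matches three routes and the /24 to the gateway wins, while 10.0.1.5 falls outside the /24 and is dropped by the 10.0.0.0/8 default route with next hop None.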

RedMatterArchitect-4825 answered

Nothing so far because we are working on an alternate solution for this.
Thanks for the support.
You can close the thread.
