PelaezMarcia-9458 asked

Site to Site VPN from Azure virtual network gateway to AWS virtual private Gateway

Hello, I have successfully configured a Site to Site VPN from Azure virtual network gateway to AWS virtual private Gateway.
The connections are up and running as shown in the images, but if I try to ping a VM from Azure to AWS and vice versa there is no connection.
I have created the routing tables from both sides but there is no connectivity inside Windows. The security groups and firewalls allow traffic.
Any idea?
Thank you


azure-virtual-network
aws1.png (114.2 KiB)
azure2.png (36.6 KiB)
ping.png (15.3 KiB)

@PelaezMarcia-9458 Thank you for reaching out to Microsoft Q&A.

I understand that you have an S2S VPN tunnel up between AWS and Azure but cannot have traffic going through it. Please perform the following tests and let us know:

  1. Can you disable one tunnel of the two and see if that helps with the traffic flow?

  2. Can you check if the Windows OS firewall is disabled and, if not, disable it completely for testing and ping again?

  3. Please run a traceroute from both sides, i.e., AWS to Azure and Azure to AWS, and provide the results. Make sure to open the respective security groups to allow the same.

  4. Please check if any other protocol works, like SSH, RDP, etc.

  5. Please also check the effective routes on both sides and make sure that there are routes for the local network of the opposite sides in the routing table of the subnet.

Let me know the outcomes of the test so we can look into this further. Thank you!




@PelaezMarcia-9458

Adding to the above, you can also enable a packet capture using Network Watcher for the VPN Gateway to troubleshoot this. Please refer to this document for more details. Thank you!



@PelaezMarcia-9458 Any update?


1 Answer

PelaezMarcia-9458 answered

Hello SaiKishor-MSFT,

I have tried what you suggested. The firewall is down from both sides, and for testing purposes, I'm allowing all traffic from both sides in the Security groups. I have tried the VPN troubleshooter as you suggested but the result shows the VPN Gateway and connections healthy as seen on the screen.
Also, I repeated the whole lab leaving all objects in East US (Azure and AWS) because at the beginning I was using Central Canada for Azure.
I think that if the tunnel is up and running I'm facing a problem with the routing ... I'm following AWS and Azure docs but maybe this is the part that has the issue.

115108-azuretoawstrouble1.png
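The effective-route check from step 5 of the comment above, as an added example that is not part of the original thread: it applies longest-prefix matching to each side's route list and reports whether traffic for the opposite network would actually leave through the VPN gateway. All CIDRs, addresses and the `igw-EXAMPLE` identifier are constructed sample values, and the route lists are a simplified form of what each cloud reports, not output from the asker's lab.

```python
import ipaddress

def select_route(routes, dest_ip):
    """Longest-prefix match over active routes; returns the winning route or None."""
    ip = ipaddress.ip_address(dest_ip)
    candidates = [r for r in routes
                  if r["active"] and ip in ipaddress.ip_network(r["prefix"])]
    return max(candidates,
               key=lambda r: ipaddress.ip_network(r["prefix"]).prefixlen,
               default=None)

def check_side(name, routes, remote_ip, is_vpn_hop):
    """Describe where traffic for remote_ip goes according to this side's routes."""
    route = select_route(routes, remote_ip)
    if route is None:
        return f"{name}: no route to {remote_ip}"
    if not is_vpn_hop(route["next_hop"]):
        return (f"{name}: {remote_ip} matches {route['prefix']} via "
                f"{route['next_hop']}, not the VPN gateway")
    return f"{name}: OK, {remote_ip} via {route['next_hop']} ({route['prefix']})"

# Azure reports the next hop type "VirtualNetworkGateway" for routes that use
# the VPN gateway; AWS shows the virtual private gateway as a "vgw-..." target.
def azure_vpn(hop):
    return hop == "VirtualNetworkGateway"

def aws_vpn(hop):
    return hop.startswith("vgw-")

# Constructed sample: Azure VNet 10.1.0.0/16, AWS VPC 172.31.0.0/16.
AZURE_ROUTES = [
    {"prefix": "10.1.0.0/16", "next_hop": "VnetLocal", "active": True},
    {"prefix": "172.31.0.0/16", "next_hop": "VirtualNetworkGateway", "active": True},
    {"prefix": "0.0.0.0/0", "next_hop": "Internet", "active": True},
]
# Constructed sample: the AWS subnet's route table has no entry for the Azure
# range, so only the default route matches.
AWS_ROUTES = [
    {"prefix": "172.31.0.0/16", "next_hop": "local", "active": True},
    {"prefix": "0.0.0.0/0", "next_hop": "igw-EXAMPLE", "active": True},
]

if __name__ == "__main__":
    print(check_side("Azure subnet", AZURE_ROUTES, "172.31.5.10", azure_vpn))
    print(check_side("AWS subnet", AWS_ROUTES, "10.1.0.4", aws_vpn))
```

With this sample data the tunnel can report as connected while replies from the AWS side follow the default route instead of the tunnel, which is why the check has to be run against both sides.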