Channel: Azure Networking (DNS, Traffic Manager, VPN, VNET) forum

On-Premise to Azure VPN Connection

Hi All,

I am trying to connect my on-premise infrastructure to a VM that I am hosting in Azure portal.

The on-premise server has the following configuration:

  • OS - Windows Server 2016 (VM hosted in Hyper-V)
  • Two NICs (Private and External virtual switches) 
  • The External switch is connected to my home router, which in turn is connected to Azure via the internet
  • I have configured AD DS, DNS, DHCP and Remote Access roles on this server

In Azure, I have configured a Resource group which contains the following:

A Virtual network

In short, I have followed everything specified in this tutorial:

https://app.pluralsight.com/player?course=microsoft-azure-networking-implementing&author=tim-warner&name=665d9c06-1f28-4f19-a291-f5013942078a&clip=10&mode=live

But when I make an on-demand connection from my onsite server to the Azure virtual network gateway, though it says "connected" both in the status of the on-premise server and in Azure, I cannot ping or RDP into the two environments.

Any ideas? Thanks in advance.


Point-to-Site connection no longer working for WebApp

Hi all,

I configured a Point-to-Site connection for a webapp in order to connect to a SQL Database on a VM. This was done back in January this year and all was working fine. We were part way through testing and the connection dropped, with no changes from our end. 

I have since logged a ticket with MS, but they are sending me around in circles and we're not getting anywhere. 

I have tested and confirmed that I can ping the gateway address of the point-to-site connection from the SQL VM. I cannot TCPPING to the SQL VM however, and this was something that we were able to do. I have also tested using the connection string we used to connect to the SQL database, and this fails also.

MS cannot seem to find an issue, although there clearly is one. Any help is appreciated.

Gurindar

Accessing a File Share via VPN

I have set up a VM and a storage account. I am using an Azure VPN to tunnel through the ATT U-Verse firewall, which blocks the 445 port, which allows me to use Windows Explorer to the VM shared folders.

I would like to use the VPN to contact my Storage Account's file share.  My goal is to dump the VM and use the VPN-to-Fileshare link only.

I am able to find the private IP for the machine, thus I can connect.  However, I have not figured out how to navigate to my file share via Windows Explorer through my VPN tunnel. 

Is this possible?

How do I allow communication between two Azure virtual networks with their own VPN gateways

I need some help (or maybe a better angle of attack) connecting a few external users to our Azure tenancy.

NOTE: All resources mentioned below are in the same Azure Subscription, the same Azure Location and the same Azure Resource Group.

There's one virtual network with a Windows 2016 VM running. This v-net (call it MAIN-VNET) has a virtual gateway with a site-to-site VPN configured (call this S2S-VPN). This S2S VPN is configured as a policy-based IPSEC VPN so that the on-premise Billion 7800VDOX can connect - which it does without issue. But, because it's a policy-based configuration, I can't configure a point-to-site VPN in coexistence with this S2S. If it were a route-based configuration however, P2S and S2S coexistence would work (and does - I tested it). But the on-premise Billion won't connect because it doesn't support IKEv2 (which is what route-based IPSEC VPNs use). So for now we're forced to use the policy-based config.

I have had to create a new v-net (P2S-VNET), then a new v-net gateway (P2S-VPN) and then configure the point-to-site VPN and client. I've done this and am able to connect to the VPN using the Azure VPN client successfully, but I can't access the Windows server on MAIN-VNET.

I can't create a "vnet-vnet" connection because one of the VPNs is policy-based and this is not supported by Azure.

I've tried creating a peer for both networks to each other (note that I have not ticked Allow forwarded traffic, Allow gateway transit, or Use remote gateways for either), but still cannot access the server.

I've created inbound/outbound rules in the network security group attached to the Windows server that allow ALL ports between the various subnets each v-net has, and this has not helped either.

Does anyone have any suggestions on how I open traffic between the two v-nets? I need it so that any external users who connect through P2S-VPN can access the Windows server on MAIN-VNET. Users on-premise who connect to this Windows server via the Billion device and the S2S VPN have no issues connecting to the Windows server at the moment.

LAN ==> Billion ==> S2S-VPN ==> MAIN-VNET ==> Windows server [OK]

Remote user ==> P2S-VPN ==> P2S-VNET =/= MAIN-VNET ==> Windows server [NOT OK]

Find which Network a VirtualNetworkGateway is attached to

I'm trying to find either a list of attached VGWs given a VNet, or the attached VNet given a VGW. I'm using the Java API library here: https://azure.github.io/azure-sdk-for-java/

I need to either start with a Network object and end up with a VirtualNetworkGateway object, or vice versa. Either solution is fine. Both classes are found in the com.microsoft.azure.management.network package.


PowerShell - Configure Firewall "Selected networks"

Hi, I have the PowerShell done to add a vNET and network rules. I then set the default action to Deny. But when I look in the firewall blade for the firewall, it's still set to "all networks", not "selected networks".

How do I change this using PowerShell?

What is the means in Traffic Manager?

I saw '<any> Profile Status' in the Traffic Manager Monitoring document,

but I couldn't find an explanation of the Profile Status named '<any>' ...

What is the exact meaning of the '<any>' Profile Status?

What is the means in Traffic Manager Profile Status?

I saw '<any> Profile Status' in the Traffic Manager Monitoring document,

but I couldn't find an explanation of the Profile Status named '<any>' ...

What is the exact meaning of the '<any>' Profile Status?



Is there any way to get a P2S SSTP VPN connection to connect to Azure before the Windows 10 login prompt?

The VPN connection works fine if we connect after logging in to Windows 10.

Any solutions or tips?

Thanks

Azure Gateway RM RouteBased S2S on-premise juniper SRX

Summary: The connection cannot be established because the other VPN device is unreachable

Detail: If the on-premises VPN device is unreachable or not responding to the Azure VPN gateway IKE handshake, the VPN connection cannot establish

Last run: 7/11/2018, 11:57:15 AM



Device on-premise: Juniper SRX

P2S Azure VPN assigns invalid ips for "old school routers"

Hi!

So I have an Azure P2S VPN configured to assign IPs in the range 172.16.201.0/24

The first client that connects to the VPN gets IP 172.16.201.0

Everything works well (internet access and subnet access), however I have another IPSEC S2S tunnel and the router (a Fortinet firewall) on the other end of the tunnel considers IP 172.16.201.0 to be invalid (as in the /24 range, the first IP should be .1). This means my first VPN client cannot access the machines beyond the S2S tunnel.

The next client and all of the next ones have a >= .1 IP and access works everywhere, including beyond the S2S tunnel.

Is there a way to forbid assigning this .0 IP address?

Thank you very much!

Point-to-Site on Windows 8 Client connection Error 798

Hello,

I installed the certificate and client package, and when I try to connect it shows the following error:

"A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798) For customised troubleshooting information for this connection"

I have checked that both certs are installed under current user in both personal and trusted root, and have tried every resource we can.

We have successfully installed using the same settings & process on Windows 7 without problem. The log file is as follows:

******************************************************************
Operating System      : Windows NT 6.2 
Dialler Version        : 7.2.9200.16384
Connection Name       : Dxxxxxxxxx2
All Users/Single User : Single User
Start Date/Time       : 16/05/2013, 15:04:48
******************************************************************
Module Name, Time, Log ID, Log Item Name, Other Info
For Connection Type, 0=dial-up, 1=VPN, 2=VPN over dial-up
******************************************************************
[cmdial32]  15:04:48  22  Clear Log Event
[cmdial32]  15:04:51  04  Pre-Connect Event  ConnectionType = 1
[cmdial32]  15:04:51  06  Pre-Tunnel Event  UserName =  Domain =  DUNSetting = Dxxxxxxxxx2 Tunnel DeviceName =  TunnelAddress = azuregateway-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.cloudapp.net

Site to Site VPN

Hi

Has anyone got experience of using site to site VPN or express route to connect to Azure? Is the VPN option enough to authenticate users over if we were to move all servers into Azure? Are there any limitations of VPN?

Thanks

Shane


Inbound/Outbound Rules using NSG

Hi,

We have an on-premise environment and are thinking of deploying RODC, ADFS and WAP in Azure VMs.

We have created a VPN between the on-premise DC and the cloud RODC. I have created one VNET and 2 subnets (assigned an NSG to both subnets). Deployed RODC and ADFS in one subnet and deployed WAP in the other subnet.

Users need to access a cloud-based application whose trust has been configured in ADFS, and the ADFS service is published through WAP.

Now I want to know what Inbound/Outbound rules I should assign on both NSGs so that restricted traffic could flow and the environment could remain safe?

Further, is it possible that I could restrict internet connectivity from RODC and allow it from ADFS (both VMs deployed in the same subnet)?


Machine with multiple NICs isn't communicating right.

Hello,

I've been working on setting up an nginx proxy machine with 3 public IPs (all connected to their own NIC).
However, currently only one of the NICs is receiving data from its pub-ip and is able to send data out.
I've checked the configuration and configured the NICs accordingly to have the correct internal IP addresses, but it's still not functional.

I have followed the steps on: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/multiple-nics however Ubuntu 18.04 does not have a /etc/sysconfig

What can I do to fix it?

Bandwidth requirements from our office to Azure

I am on a team that is about to start development of a software package in an Azure environment, but our office has a rather small connection to the internet. I am trying to build a case for upgrading my office's connection to the internet.

I am trying to get a good idea of how much bandwidth we would need just to get from our office to Azure for say 75 programmers. 

Also, does Microsoft charge for network bandwidth usage from my company's office to Azure?

Azure kubernetes service - Http Application Routing with CORS access

Hi,

I have recently signed up to a free plan for Azure Kubernetes. My question relates to configuring CORS with ingress host based http application routing on Azure Kubernetes Service (AKS). I have tried to find an Azure Kubernetes Service (AKS) forum. This is the closest forum that relates to my question.

I have enabled the http_application_routing add-on for my cluster. I initially followed the documentation at http application routing. This successfully creates DNS zone entries for each of my ingress host endpoints. However, I wish to configure CORS access between the ingress host endpoints. Firstly, I added the annotations below with the kubernetes.io/ingress.class annotation set to addon-http-application-routing.

nginx.ingress.kubernetes.io/enable-cors:               "true"
nginx.ingress.kubernetes.io/secure-backends:        "true"
nginx.ingress.kubernetes.io/cors-allow-origin:        "https://www.f7e7bb4d71aa4ac3b098.westeurope.aksapp.io"
nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
nginx.ingress.kubernetes.io/cors-allow-headers:     "Authorization, Origin, X-Requested-With, Content-Type, Accept"
nginx.ingress.kubernetes.io/cors-allow-methods:     "DELETE, GET, POST, PUT, OPTIONS, HEAD"

However, I could then no longer access the ingress endpoints and no DNS zone entries were created. Subsequently, I installed the nginx ingress controller onto the cluster and set the kubernetes.io/ingress.class annotation to nginx. I then configured the Kubernetes DNS zone to have A and TXT records for the nginx ingress endpoints (see listing below), to mirror the behaviour of the http application routing add-on. However, these only lasted a short while and were then automatically removed from the Kubernetes cluster DNS zone.

Can anyone direct me to resources to:

1. Configure CORS for the ingress controller when using the ingress class addon-http-application-routing

or

2. Correctly configuring the DNS zone for each nginx ingress host endpoint so that record-sets added are not automatically removed. 

Kind Regards

dcs3spp

---
apiVersion:                 extensions/v1beta1
kind:                       Ingress
metadata:
  name:                     ingress
  annotations:
    kubernetes.io/ingress.class:                               "nginx"
    nginx.ingress.kubernetes.io/enable-cors:            "true"
    nginx.ingress.kubernetes.io/secure-backends:        "true"
    nginx.ingress.kubernetes.io/cors-allow-origin:      "https://www.f7e7bb4d71aa4ac3b098.westeurope.aksapp.io"
    nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
    nginx.ingress.kubernetes.io/cors-allow-headers:     "Authorization, Origin, X-Requested-With, Content-Type, Accept"
    nginx.ingress.kubernetes.io/cors-allow-methods:     "DELETE, GET, POST, PUT, OPTIONS, HEAD"

spec:
  rules:
  - host:                   www.f7e7bb4d71aa4ac3b098.westeurope.aksapp.io
    http:
      paths:
      - backend:
          serviceName:      angular-service
          servicePort:      8080
        path:               /
  - host:                   auth.f7e7bb4d71aa4ac3b098.westeurope.aksapp.io
    http:
      paths:
      - backend:
          serviceName:      auth-server-service
          servicePort:      4433
        path:               /
  - host:                   api.f7e7bb4d71aa4ac3b098.westeurope.aksapp.io
    http:
      paths:
      - backend:
          serviceName:      rest-api-service
          servicePort:      4444
        path:               /
  - host:                   notify.f7e7bb4d71aa4ac3b098.westeurope.aksapp.io
    http:
      paths:
      - backend:
          serviceName:      file-upload-notification-service
          servicePort:      4446
        path:               /
  tls:
  - secretName:             ingress-tls
    hosts:
      -                     www.f7e7bb4d71aa4ac3b098.westeurope.aksapp.io
      -                     auth.f7e7bb4d71aa4ac3b098.westeurope.aksapp.io
      -                     api.f7e7bb4d71aa4ac3b098.westeurope.aksapp.io
      -                     notify.f7e7bb4d71aa4ac3b098.westeurope.aksapp.io

Search Public IP Activity Usage

I would like to monitor usage of all my Public IPs across different subscriptions over the past 2 months. What should be my approach? Can you please advise?

Prasad Chundi

Can not see or access Azure Resources over VPN

I have successfully established a VPN Connection from our office to Azure using the instructions found on this blog:

https://codehollow.com/2017/06/connect-windows-10-clients-azure-vpn/

My problem is that I am not able to attach/ping/see any of my resources in Azure, namely a 2016 VM and File Store that I want to map a drive to from Windows 10 Professional. I can, however, map the drive to the VM internally.

In case it matters, Port 445 has been opened on both my desktop and VMs but seems to have no effect. I have tried connecting to the VM by both IP and //ServerName/Share, but only get Error 53 not found.

Can someone please tell me what I am missing?

Thanks!

