Channel: Azure Networking (DNS, Traffic Manager, VPN, VNET) forum

Trying to add an additional route in Azure VPN Tunnel to On-Premise network


I am trying to add an additional route in the Azure directory to route traffic back to our On-premise site via the Azure VPN tunnel I created. The route works fine and I can access the subnet with no problem. However, I want to add an additional subnet and I can't find the place to do it. I have added the address space, but beyond that, I cannot find where to add the route.

Any suggestions would be greatly appreciated.


NAT Gateway

What is the NAT Gateway (AWS) equivalent in Microsoft Azure if I want to enable instances in a private subnet to connect to the internet?

haproxy + keepalived cluster in Azure



I'm trying to set up a haproxy + keepalived cluster - the problem I'm having is the virtual_ipaddress in the keepalived config seems to be bonding to both hosts, so I don't think keepalived is working as it should!

master node ip details

[root@weeu-c-u-pxy01 conf.d]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0d:3a:25:dc:14 brd ff:ff:ff:ff:ff:ff
    inet 10.20.1.39/27 brd 10.20.1.63 scope global eth0
       valid_lft forever preferred_lft forever
    inet 10.20.1.51/32 scope global eth0

slave node ip details

[root@weeu-c-u-pxy02 conf.d]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0d:3a:25:01:77 brd ff:ff:ff:ff:ff:ff
    inet 10.20.1.40/27 brd 10.20.1.63 scope global eth0
       valid_lft forever preferred_lft forever
    inet 10.20.1.51/32 scope global eth0
       valid_lft forever preferred_lft forever

Master node

vrrp_instance VI_1 {
        notify /usr/local/bin/keepalived-notify.sh
        smtp_alert
        virtual_router_id 51
        state MASTER
        interface eth0
        priority 151
        advert_int 1
        virtual_ipaddress {
                10.20.1.51
                }
        track_script {
                haproxy
                }
        }

Slave node

vrrp_instance VI_1 {
        notify /usr/local/bin/keepalived-notify.sh
        smtp_alert
        virtual_router_id 51
        state MASTER
        interface eth0
        priority 91
        advert_int 1
        virtual_ipaddress {
                10.20.1.51
                }
        track_script {
                haproxy
                }
        }

Does this have something to do with multicast / unicast not being supported?

regards

James

Azure App Service (PaaS) & VPN gateway - Point to Site Latency & High Availability.


I have been reading this article, Azure VPN Gateway, about High Availability Cross-Premises and VNet-to-VNet Connectivity.

It provides VPN Gateway redundancy information in terms of Site to Site VPN only.

But could anyone provide more information regarding App Services (PaaS) & VPN Gateway (Point to Site-VNet Integration Latency) redundancy, as I couldn't find the following info on the Microsoft Azure site.

1. What is the Azure PaaS service Point to Site latency time for any planned maintenance or unplanned disruption that happens to the active instance? Would the standby instance take over (failover) automatically?

2. Can we make an Active-Active connection from an Azure web app (PaaS) to the VPN gateway in case the VPN is enabled with Active-Active mode?

3. If we use the VPN gateway in Active-Standby mode and the active VPN instance fails, will the Point to Site VPN connection be reconnected automatically?

Thanks.


Express Route connection to single Azure Vnet from two different location


My scenario is as below:

I would like to set up a BGP session, but I am not entirely sure if that will work.

We have two ExpressRoutes from two physically diverse data centers terminating on the same Azure VNet.

DC 1:

Firewall 1  ASN 6501 <--> Azure Sydney VNET-1 - ASN 12076 - Private  

Firewall 1  ASN 6501 <--> Azure Sydney VNET-1 - ASN 12076 - Public  

Firewall 1  ASN 6501 <--> Azure Sydney VNET-1 - ASN 12076 - MS 

DC 2, ASN 6502

Firewall 2  ASN 6502 <--> Azure Sydney VNET-1 - ASN 12076 - Private  

Firewall 2  ASN 6502 <--> Azure Sydney VNET-1 - ASN 12076 - Public  

Firewall 2  ASN 6502 <--> Azure Sydney VNET-1 - ASN 12076 - MS

As I am planning to use the firewall there is no VRF.

I am also planning to use the BGP parameters Local pref 150 in DC1 and prepend x 2 on DC2 to make sure DC1 is preferred all the time.

My questions:

Q1: Does this setup work, where two different ASNs from the client terminate on a single ASN and VNET at Azure?

Q2: Do I need to have the VRF, or is a firewall policy to set apart all 3 sessions good enough?

Q3: Can I control the Azure VNet via BGP prepend to make sure it always sends the traffic to DC1, and only sends the traffic to DC2 if DC1 is not available?

Q4: Does Azure have networking-only read-only or read-and-write access, as it is going to be hard to get control from the server team for Azure unless it is only the networking part?

Thanks,

Nilay. 

http://accesscontrol.windows.net is down


We have a few namespaces live on http://accesscontrol.windows.net for authentication. This entire domain seems to be removed from the DNS servers / is seemingly down already, while it is supposed to be going down in November 2018.

You can see an example when you visit https://start.mijnhva.nl and click the login with Microsoft or login with Google button.

Please fix this!


unexplained 'failed' provisioning state for network interface query


Hello,

From time to time, I experience a 'Failed' value for the 'properties.provisioningState' field (JSON response) when querying a network interface. This state is 'Succeeded' again after restarting the attached VM.

1. What exactly does the 'Failed' state mean? (in regards to network interface/IP configurations)

2. What may be the reason(s) for this state?

Some more details:

Our application is running on Ubuntu 14 VM. Two identical setups are created, each with single NIC and single local and public IP. Both NICs share the same subnet.

From time to time one of the applications (there's always an active one and a backup) swaps the public IP between the NICs by using Azure REST APIs. Part of the swap process is to verify NIC status. For that, a query for NIC info is sent, but as mentioned above, sometimes the response's 'provisioningState' field is in 'Failed' state (I'm getting this state in both 'properties.provisioningState' and 'properties.ipConfigurations[0].properties.provisioningState').

3. Are there any logs to search for the cause of this failure?

Hope I'm clear.

Thanks,

Zion

Start-AzureRmNetworkWatcherResourceTroubleshooting is not supported on PolicyBased VPN, any workaround?


Hi all, 

I'm writing a script to monitor the VPN connection between Azure and on-premises (pretty much like this one: https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitor-with-azure-automation#scenario).

I'm facing the below error:

Start-AzureRmNetworkWatcherResourceTroubleshooting : NetworkWatcher troubleshoot gateway Vpn type not supported, current type PolicyBased, supported types RouteBased StatusCode: 400 ReasonPhrase: Bad Request

Is there any way I can work around this? Are there any other methods to monitor the VPN traffic other than Azure Network Watcher, as it's not supported according to https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-troubleshoot-overview?

Thanks and Best,

Bassel 

 


connecting VNET to different expressroutes with different autonomous system numbers


Hi Azure Team,

We are currently planning to build an IaaS environment in Azure and we will have to connect a single VNET to two different ExpressRoutes connecting to two Data Centres using different AS #. Can you please confirm if this is possible?

Thanks

Daryl




More than 128 Azure Point-to-Site connections?


Hi All, 

I'm currently working with a customer to design a Windows 10 AlwaysOn VPN solution.

In order to keep infrastructure to an absolute minimum, I was hoping to recommend that we use Azure Virtual Network Gateway as the VPN endpoint. However, they have around 200 users and I'm aware that a single Azure VNG only supports up to 128.

Is there any other way that we could get more than 128 clients to work with Azure VNG(s)?

The customer will be using a hub-spoke topology. One idea I had was to deploy multiple 'core' VNETs and VNGs - and then use Traffic Manager to load balance clients between the 2 VNGs. Although I think this would work technically, it's not a practice that I've seen or heard of being done before.

Thank you in advance

Jon

Creating IPSec VPN with TP-Link TL-R600VPN


Hi all,

I know the TP-Link TL-R600VPN is not officially a supported device for creating an IPSec Site to Site VPN, so I would appreciate any help. I have the above device in my home office, and when I work on client projects, I would like to be able to create a site to site tunnel. The device is capable of doing this, but my settings must be incorrect. It's on the latest firmware (4.0.3 Build 20180530 Rel.63202) and the hardware version is 4.0.

Does anybody have any idea what the correct settings are and, if possible, a step by step?

Jheeta

ExpressRoute with Azure Site Recovery for Azure Region


Hi Expert,

I have the following scenario:

  1. ExpressRoute will be configured to an Azure Region e.g. East US
  2. Within Azure, ASR will be configured to another Azure region e.g. Central US for DR
  3. Global VNet peering will be used to allow communication between East US and Central so that ASR replication can function
  4. Within East US, for instance, there will be an NVA

My questions on the above scenario are thus:

  1. When doing a failover (or in the case of a DR event) from East US to Central US region with the ASR service, will the connection to Central US be able to use the ExpressRoute gateway?
  2. Will an NVA also be required in the Central US site?

Thanks

Azure Web Application Firewall deploy failed


Hello,

I'm trying to deploy a WAF on my subscription but I'm getting this error:


  • Status Conflict
  • Provisioning state Failed
    Failed
  • { "status": "Failed", "error": { "code": "ResourceDeploymentFailure","message": "The resource operation completed with terminal provisioning state 'Failed'.", "details": [ { "code": "InternalServerError", "message": "An error occurred.", "details": [] } ] } }

Previously the WAF got into a "failed state" on its own. Now I deleted it and tried to redeploy (on the same VNet, which is the only one that I have) and now I had that problem. I have another one in the same subscription and in the same resource group and it works fine.

Thank you



Create Internal Load balancer using terraform


I am unable to create an internal load balancer using Terraform.

Has anybody tried this?

Provide me some links if possible.

Thanks,

Bhushan


Pravin.S.Kamane

Cannot delete VNET, Gateway stuck in backend?


So of course I am aware that Central US had an impact on the Azure Resource Manager, so it may have been my redeployment of a Virtual Network Gateway yesterday that created my current predicament.

So since the Azure Resource Manager should be back up (at least it is answering to my input), I thought I could start a cleanup of my test resource group, but I cannot delete my GatewaySubnet.

I cannot see any resource, including any Virtual Network Gateway, blocking the resource (listing Virtual Network Gateways in the affected resource group just returns []).

So since I cannot delete the subnet and no gateway is left, I went on troubleshooting the VNET deletion with Azure Resource Explorer. I can reset all the resources to provisioningState "Succeeded"; however, I will not be able to delete them.

Why am I suggesting that there is a gateway stuck in the backend?

Well, deploying a new virtual network gateway to the affected resource group returns the following error:

"The resource operation completed with terminal provisioning state 'Failed'.

"GatewayModeRequirementNotMetForCoexistence\"

"Operation failed for virtual network "VNETNAME" as only one Dedicated and one DynamicRouting gateways are allowed in a virtual network."

 az resource list -g RESOURCEGROUPNAME
[
  {"id": "/subscriptions/SUBID/resourceGroups/RESOURCEGROUPNAME/providers/Microsoft.Network/virtualNetworks/VNETNAME","identity": null,"kind": null,"location": "westeurope","managedBy": null,"name": "VNETNAME","plan": null,"properties": null,"resourceGroup": "RESOURCEGROUPNAME","sku": null,"tags": {},"type": "Microsoft.Network/virtualNetworks"
  }
]

So is this still a problem with the current situation in Central US? My Azure Location is Western Europe.

Cheers,

Andreas





Azure VPN to ASA with 2 WAN Interfaces


I am looking at setting up a VPN connection back to our headquarters from our Azure instance. Is there a way to set it up to utilize both Public IP Peers on the ASA? I have it set up route-based to our firewall, but when we fail over to the other ISP it goes down.

Any suggestions?

Thanks,

Tom

Best way to get two VM's working on different locations


Hi,

We have a customer wanting to deploy at least two Domain Controllers on Azure VMs, in different locations.

The Domain Controllers need to communicate with each other.

Which is the best way to address it? Or (maybe) the only way to do it? Creating two Virtual Networks in different locations and using the Virtual Network Gateway from each one to connect to the other (create a VPN S2S)?

Thank you so much.

Custom Domain with Web App Service deployment slot and Application Gateway?


Hello,

I have a web application configured with 3 deployment slots, each with a custom subdomain. I am trying to configure an application gateway to simply route to one of the slots (test.mydomain.com). The backend pool of the AG has just one FQDN, mydomain-testing.azurewebsite.net. End to end SSL is set up.

What I am finding is that when I enter "https://test.mydomain.com" in the browser, it is actually redirecting (and changing the URL) to (mydomain-testing.azurewebsite.net). My expectation, and what I see on numerous tutorials, is the URL should be retained as https://test.mydomain.com, rather than exposing the FQDN of the backend pool. 

Is this expected behavior, or is there a limitation due to having a deployment slot FQDN as a backend pool member? Is there any way to retain the custom domain name?

Thanks,

Jack

Problems setting a VPN with IPSec in an Ubuntu VM using strongswan package


I am having problems setting up a VPN with IPSec in an Ubuntu VM using the strongswan package. How should I configure the virtual networks to allow this type of connection?

The VM is deployed using the "Resource Manager" model, and has a private and a public IP assigned.

Thanks

I have a tasking to filter everything except *.gov domains from web app


I have been tasked with filtering all traffic from my web app except *.gov clients. I have limited things available in the Government Azure. Does anyone have any ideas to make the NSGs block with domain names and not by IP addresses?


Jim
