Hi Team,
Can you please confirm how can we communicate between 2 VNETS in same region apart from VNET peering, can we have Secure tunnel between 2 VNETS's for communication?
please let me know.
thanks regards
Amey naik
↧
Communication between 2 VNET's apart from VNET peering
↧
Azure BGP Prefixes
Assuming we're only accepting the following BGP communities, how many routes (rough estimate) should we expect to receive from the Azure peer?
| East US2: 12076:51005 Exchange Online: 12076: 5010 SharePoint Online: 12076: 5020 Skype Online: 12076: 5030 Dynamics Online: 12076: 5040 Azure Global Services: 12076: 5050 Other O365 Online Services: 12076: 5100 |
↧
↧
Point To Site VPN
Hi,
In the about point to site vpn page https://docs.microsoft.com/en-in/azure/vpn-gateway/point-to-site-about it is mentioned that P2S solution is useful if you're having less number of clients to access.
What is the less number here? If I am having 100 clients is it a ideal solution?
Thanks
↧
P2S VPN not connecting the S2S VPN
Hello,
I have created a S2S (7 Sites) VPN and everything is working perfectly. I attempted to add a P2S VPN setup with self-signed certificates. It connects without trouble, but I can't access or ping any S2S subnets or devices.
I have worked through the troubleshooting and even tech support chat help with no success. Please, any help would be appreciated.
↧
azure to on premise vpn has been connected but no traffic
azure to on premise vpn has been connected but no traffic i have created the inbound and out bound rules as well
im not able to ping the vm
not able to reach the RDP
↧
↧
Odd behavior using Network Watcher- IP FLow Verify
I have a subnet, with an NSG attached.
There is only one VM in the subnet that needs to get to the Internet.
So I have a rule:
Priority=1000, Port=Any, Protocol=Any, Source=<IP of VM> Destination=Internet, Action=Allow
The rule works. But if I go to Network Watcher, and then to IP Flow Verify, I can select any VM in the same subnet, select Outbound direction, and a remote address on the Internet and the "Result" is "Access Allowed" using the rule with the single IP of the other VM.
Is there a bug in IP Flow Verify that cannot account for the IP address in the NSG rule, but thinks it is an ANY?
I have verified by looking at the flow logs, that other Internet access is being denied further down the rule chain, so it does not appear to be a functional problem with the rule set.
There is only one VM in the subnet that needs to get to the Internet.
So I have a rule:
Priority=1000, Port=Any, Protocol=Any, Source=<IP of VM> Destination=Internet, Action=Allow
The rule works. But if I go to Network Watcher, and then to IP Flow Verify, I can select any VM in the same subnet, select Outbound direction, and a remote address on the Internet and the "Result" is "Access Allowed" using the rule with the single IP of the other VM.
Is there a bug in IP Flow Verify that cannot account for the IP address in the NSG rule, but thinks it is an ANY?
I have verified by looking at the flow logs, that other Internet access is being denied further down the rule chain, so it does not appear to be a functional problem with the rule set.
↧
Site to Site VPN for Azure VM
I have a VM in Azure that is my only domain controller. I need to configure a site to site VPN between my office and the VM so that my office computers can authenticate to the DC. I tried this following a support doc that included a virtual
networking peer setup and I couldn't get it to work. On my router side it showed connected and traffic going out but nothing coming back. My VM is on one network and the network created with the site to site is a different network. Please
help!
↧
unable to add SQL node behind a basic SKU load balancer?
unable to add SQL node behind a basic SKU load balancer?
I have done this previously last year when there with the basic sku LB and when the standard sku LB was not yet available.
However now when I attempt to add a SQL IaaS from the azure store to a basic LB it states that you must use a standard sku LB.
What is going on?? why does it not want to configure behind basic sku LB?
dsk
↧
Is it possible to skip/postpone domain validation when adding a custom hostname to an app service or front door?
Hi All
Does anyone know of a way that we can complete the configuration of a custom hostname binding on an appservice hosted website, or front door front-end server before the DNS has been configured?
We are looking at moving a significant number of sites over in the near future and would make the transition a lot smoother if we could configure the Azure end ready before the DNS records have been updated. I'm specifically concerned about users hitting the servers between when we update the DNS records and us getting everything configured on Az
Thanks in advance for any thoughts you have
Mark
↧
↧
Is it possible to skip/postpone DNSvalidation when adding a custom hostname to an app service or front door?
Hi All
Does anyone know of a way that we can complete the configuration of a custom hostname binding on an appservice hosted website, or front door front-end server before the DNS has been configured?
We are looking at moving a significant number of sites over in the near future and would make the transition a lot smoother if we could configure the Azure end ready before the DNS records have been updated. I'm specifically concerned about users hitting the servers between when we update the DNS records and us getting everything configured on Az
Thanks in advance for any thoughts you have
Mark
↧
MTU size general recommendation when setting S2S in Azure
Hello Expert,
is there any general recommendation for the MTU size setting on an On-Premise VPN device when setting up S2S into Azure.
We are hitting AD replication issues and one of the pointers were the MTU size between the on-premise and the Azure DC not been higher than 1410...any thoughts?
↧
Had a webservice on Azure. But got 404 error when mapping the custom domain
We created the nodejs website based on app service. And mapping the site with the custom domain purchased from godaddy. We already mapped the azurewebsites.windows.net to custom domain. We created the @ and TXT record for the website. But still got the
404 error when visiting the custom domain.
We have followed the doc for Mapping a Custom Domain to App Service. But no luck.
Any suggestion will be appreciated
Thank you
We have followed the doc for Mapping a Custom Domain to App Service. But no luck.
Any suggestion will be appreciated
Thank you
↧
Point to Site VPN Client not able to access Virtual Machines
Hello all,
I have configured a Virtual Network (10.0.0.0/16)
With two subnets (10.0.0.0/24 and 10.0.1.0/24)
There is a VM at 10.0.0.4 and one at 10.0.1.4
I have created a VN Gateway in my VNet (10.0.2.0/27)
It is assigned a Public IP
It is configured as
-Gateway Type: VPN
-VPN Type: Route-Based
-SKU: VPNGw1
I have configured a Point-to-Site configuration with the address pool 192.168.1.0/24
I have created Root and Client certificates
I have installed client certificate onto my test PC, along w/ the VPN Client connection software.
I can initiate and connect to my VPN setup using it.
I do see an assigned IP address of 192.168.1.2 assigned to my test PC.
I am not able to RDP to either of my VMs
Also, when I go to VNet Gateway and click on the P-to-S config, there is nothing listed under the "Allocated IP addresses" section of the screen, even though my PC does have an IP assigned by my setup.
I have used these two step by step write ups:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal
https://techcommunity.microsoft.com/t5/ITOps-Talk-Blog/Step-By-Step-Creating-an-Azure-Point-to-Site-VPN/ba-p/326264
What am I missing?
Why am I not able to access the two VM's I have setup?
Thank you
Seth
↧
↧
VM in VNet connected to ExpressRoute can't connect to internet
Hi all, I have an ExpressRoute connecting an on-prem network to a VNet. I have an Ubuntu VM in that VNet which I can successfully SSH to, ping etc from my workstation. However this VM cannot access the internet. I can't see anything in the NSG attached to the VNet that appears to be blocking outgoing traffic but I'm no expert at this so who knows. FYI the VM does not have a public IP (dictated by policy) and a static local IP.
How can I start debugging blocked outgoing traffic form a VM?
↧
Subnet NSG outbound rules vs effective outbound rules
I have an NSG applied to a subnet with fairly simple outbound rules:
Image may be NSFW.
Clik here to view.
However, when I look at the NSG effective outbound rules, they differ:
Image may be NSFW.
Clik here to view.
How are effective outbound rules calculated? What might cause the effective outbound rule to differ from the normal outbound rule? How do I see what is causing the difference?
Note, this NSG is applied to a subnet (not a VM NIC).
↧
Best Windows VPN for 2019
When you go online, your personal information/online data is like a book which is open for use for all. Hackers, snoopers and government surveillance are always on the other side of the door
trying to collect your data without you even realizing it! Choosing FastestVPN for Windows not only means that you’re protected from prying eyes but also your personal data is safe and encrypted and no one can use it to harm you. Moreover, FastestVPN keeps
you safe in Public WiFI hotspots, where your data is most vulnerable against cyberattacks.
↧
How to Get Azure VirtualNetwork and Azure VirtualNetworkSubConfig for Az commands?
I would like to convert these to "Get-Az" format. What are right commands?
#$vNet = Get-AzureRmVirtualNetwork -Name $VnetName -ResourceGroupName $resourcegroupname
#$subnet = Get-AzureRmVirtualNetworkSubnetConfig -Name $SubnetName -VirtualNetwork $vNet
Kenny_I
↧
↧
Appropriate certificate for Virtual WAN P2S
I'm trying out Virtual WAN P2S now.
I'm facing an error that is displayed when trying to register a certificate required by P2S.
I can ignore this error and continue the configuration, but I'm not able to proceed with work due to an error occured when I associate with the Virtual Wan Hub.
It seems to be due to an error that occurs when registering this certificate, but the certificate created according to the method of issuing a certificate for VPN P2S recommended by Microsoft.
Does anyone complete the configuration without error?
I'm facing an error that is displayed when trying to register a certificate required by P2S.
I can ignore this error and continue the configuration, but I'm not able to proceed with work due to an error occured when I associate with the Virtual Wan Hub.
It seems to be due to an error that occurs when registering this certificate, but the certificate created according to the method of issuing a certificate for VPN P2S recommended by Microsoft.
Does anyone complete the configuration without error?
↧
Error linking vnet to private DNS zone that was previously deleted
Hi, hope this is in the correct place and someone can help with this.
I linked a vnet to a private DNS zone using the Azure web portal, I then had cause to delete and re-create the resource group containing the vnet which I did.
I noticed that the link to the private DNS zone remained so, I deleted this manually (again using the portal) thinking it would need to be recreated due to new resource IDs.
Now, when I try to link the newly recreated vnet to the DNS zone I get the following error:
Failed to create virtual network link 'xx-xxxxxx-vnet'. Error: Virtual network resource identity 'xx-xxxxxx-rg/providers/Microsoft.Network/virtualNetworks/xx-xxxxxx-vnet'>xx-xxxxxx-vnet' already in use. This is possible in case the virtual network was moved, or re-created. Please contact support.
I linked a vnet to a private DNS zone using the Azure web portal, I then had cause to delete and re-create the resource group containing the vnet which I did.
I noticed that the link to the private DNS zone remained so, I deleted this manually (again using the portal) thinking it would need to be recreated due to new resource IDs.
Now, when I try to link the newly recreated vnet to the DNS zone I get the following error:
Failed to create virtual network link 'xx-xxxxxx-vnet'. Error: Virtual network resource identity 'xx-xxxxxx-rg/providers/Microsoft.Network/virtualNetworks/xx-xxxxxx-vnet'>xx-xxxxxx-vnet' already in use. This is possible in case the virtual network was moved, or re-created. Please contact support.
↧
Front door' routing rule creation with CLI enables caching by default.
Hi,
I'm creating front door routing rule using CLI(https://docs.microsoft.com/en-us/cli/azure/ext/front-door/network/front-door/routing-rule?view=azure-cli-latest#ext-front-door-az-network-front-door-routing-rule-create) But there is no such parameter to disable caching for a routing rule.
But if i create the same from ARM. it creates routing rule with caching disabled by default. There should be parameter for disabled caching in Azure CLI or by default it should be disabled.
Can someone look in the issue asap?
Hemant Kaushik
↧