Channel: Azure Networking (DNS, Traffic Manager, VPN, VNET) forum
Viewing all 6513 articles

How to get all of the content from my Wordpress blog behind Azure's Application Gateway to direct to the proper service?

I have a .NET website and Wordpress blog (I'm using a theme) hosted in Azure. Both are behind an Application Gateway. I have a path based route for the blog pointing at /StayorVaycay/Blog, and for the most part, that works. The website is up and the blog page opens. However, the page looks weird because not all of the files that need to load are pointing to the proper service. Some, again not all, of the needed blog files are pointing to the blog service and are loading, but the others are pointing to the website service where the files do not exist. The blog site is at StayorVaycay.com/StayorVaycay/Blog. Feel free to look to see what I am referring to. Just an FYI, the blog is not linked in the website because it is clearly not ready so only if you know how to get to it, can you access it.

Routing Rules

Failing Routes

Working URL: http://stayorvaycayblog.azurewebsites.net/wp-includes/css/dist/block-library/style.min.css?ver=5.2.3

Not Working URL: http://www.stayorvaycay.com/wp-content/themes/newsanchor/css/bootstrap/bootstrap.min.css?ver=1



Not able to RDP Azure VM through P2S vpn

Hello,

I have a P2S VPN configured to access the Azure workload. It is configured with a sufficient address pool (/24) to accommodate multiple users to connect.

Both myself and the customer are using the same VPN configuration to access the Azure VM.

However, the customer is not able to access it.

By the way, we have an additional domain controller on Azure, configured with S2S.

I have done the following:

  • Manually added the VPN on the Windows laptop.
  • Enabled split tunneling.
  • Manually added routes.
  • Updated the DNS entry with the correct server name in the VPN adapter.

The customer is able to connect to the VPN, and it says connected, but can't PING the IP.

Can someone please help? What else can I check?

Get-VpnConnection azwedrvnet01
Name                        : azwedrvnet01
ServerAddress          : azuregateway-xxxxxxxxxxxx-xxxx-xxxxxxxxxxxxxxx-xxxxxxxxxx.vpn.azure.com
AllUserConnection     : False
Guid                        : {xxxxxxxxxx-xxxxx-xxxx-xxxxx-xxxxxxxxxxxx}
TunnelType              : Automatic
AuthenticationMethod  : {Eap}
EncryptionLevel            : Optional
L2tpIPsecAuth             : Certificate
UseWinlogonCredential : False
EapConfigXmlStream    : #document
ConnectionStatus         : Connected
RememberCredential    : True
SplitTunneling              : True
DnsSuffix                      : roo.iq
IdleDisconnectSeconds : 0


Regards

Thahif

Connection Troubleshoot - could not open socket to VM on a subnet

I am currently building out the base infrastructure for an Azure setup. Currently 2 VNets: 1 internal and 1 DMZ. Internal works perfectly.

The DMZ we built and am testing today. Not sure what is going on with a VNET that one of the guys built but I can't get traffic back to on-prem to work.

Using the network watcher connectivity check from the VM I put on the subnet to an ip that everything should be able to get to rem. I receive the following

It says the socket could not be opened to run the connectivity check. I do not get that from any of the other VMs on my other VNET.

Any idea what is going on? It's not just THIS VM either; it happens even to freshly deployed VMs, which I have already tried.

I thought I built everything the same way as my working VNET but obviously not. I get all green trying the same check from my other VNET and to an on prem server....


Chaos causes progress, Order inhibits it.


Step-By-Step-Connect-your-AWS-and-Azure-environments-with-a-VPN

Hello Bharadwaj,

I am required to investigate the working in my organisation between Azure and AWS VPN by referring to this site:
https://pixelrobots.co.uk/2019/03/create-a-site-to-site-vpn-between-existing-azure-and-aws-resources/


However, I was advised by the support group to refer to this site: https://techcommunity.microsoft.com/t5/ITOps-Talk-Blog/Step-By-Step-Connect-your-AWS-and-Azure-environments-with-a-VPN/ba-p/339211

and I am stuck at these steps in the above document:
****
At this point I deployed 2 VM on the network.  One Windows 2019 DC and one Linux box.

Install domain services and DNS on this server and Promote the Windows machine to a DC
Set Vnet DNS setting to use the Windows DC as the vnet DNS
****

As support had requested me to raise a ticket, I have done the same, and here is the ticket:
 https://social.msdn.microsoft.com/Forums/en-US/b80b4d9c-bc97-48f3-8a49-1519c4299228/stepbystepconnectyourawsandazureenvironmentswithavpn?forum=WAVirtualMachinesforWindows

Please help me out here.

regards,
sunil 

subbaiah scott sunil <ssuns2004@gmail.com>

Frontdoor appears to be disabling ARR affinity at the app service level

Hi

We are in the process of moving a web application into Azure. For this to work we are using FrontDoor to handle routing to the correct local app service hosting the codebase. Within each app service we have a minimum scale of 2 instances.

Until some changes currently in progress are complete we require users to be routed to the same instance, i.e. maintain session affinity. At the app service level we have ensured that ARR affinity is on. When we route requests directly to the app service this works fine, but when routing through FD the affinity is not being maintained.

Any advice on how we solve this would be much appreciated.

Thanks in advance

Mark

Force inbound and outbound traffic of an Azure App service plan

Hello Experts,

If I have an NVA w can I force the traffic of an Azure App Service Plan website (not an isolated ASE) through the NVA without the need of using Application Gateway with WAF?

How to renew Dynamic Public IP?

We have a testing solution that needs a reliable way to renew our Dynamic Public IP Address.
This public IP is associated with an "IP Configuration" in a "Network Interface" attached to a "Virtual machine".

If we disable the public IP from the "IP Configuration", removing the association, and associate it again, a new dynamic IP is set. That's exactly what we need, but are there any commands or an API to do this? Or any better way?

Thanks in advance.

Ensure outbound traffic from a VM is using assigned public IP

Hi,

I have an Azure VM and the inbound traffic from the Internet to the VM is going through the VM's public IP configured on the firewall. For inbound traffic, there is no problem but for outbound traffic from the VM to the internet, it does not go through the firewall and seems to use some shared public IP by Azure. Is there a way to ensure the outbound traffic goes out with the same public IP as the inbound? 

Thanks,


Using VNet Preview from two plans

I have a couple of App Services in different plans.

I am trying to connect from one, AppService1 in plan 1, to a Vnet using Vnet (Preview), and it is working fine.

When I try to connect from AppService2 on Plan2 to the Vnet using Vnet Preview, I cannot use the same subnet, and if I add a new subnet and connect it, it still can't reach the resource. I tried tcpping and I am getting:

Connection attempt failed: An attempt was made to access a socket in a way forbidden by its access permissions

Has anyone had a similar issue, and what was the solution?

The resource I have used to make this connection:

https://docs.microsoft.com/en-gb/azure/app-service/web-sites-integrate-with-vnet

Azure Application Gateway - How to set backend pool target type using RM PowerShell

Hi,

Azure Application Gateway - How to set back-end pool target type using RM PowerShell?

Regards,

Shibin KM 

MultiType and multipoint Azure VPN and resolution of a hostname

The scenario is as follows. I have 35 stores and 1 HQ. The stores as well as the HQ are connected with each other with site-to-site VPN. The HQ is connected with site-to-site to Azure in order to replicate the AD and access the DB and all other Azure VMs. All the stores are connected with P2S to Azure. From Azure, when I try to access any of the stores that are connected with P2S using the hostname, sometimes the resolution will follow the shortest path, which is the P2S, but some other times it goes through the HQ site-to-site, which takes longer and sometimes fails. How can I avoid routing back to the store through the HQ S2S path and force going through the P2S?

Thanks in advance

Can't add existing Virtual Network to new Virtual Network Gateway: "in use"

Hello,

This is certainly user error but I'm hoping I can find a way to work around it without redoing everything.

I've created three VMs and am now realizing I need to add a Virtual Network Gateway, to create an S2S VPN with my LAN, but I'm unable to select my existing VNet. While creating the gateway it says the VNet is "in use".

The NICs on the VMs have public IP addresses. Could this be why the VNet is considered "in use"?

I've been unable to find an answer to this thus far. I suspect I've gone in the wrong order...

Azure DC in different region/vnet where Site to Site VPN is configured. Cannot promote new DC in that region.

1- I have two regions/two VNETs

2- Region 1 has a Site to Site VPN configured to talk to DC on-prem. (added DC to Azure successfully)

3- Region 2 has Global Peering configured to talk to VNet1 in Region 1.

4- Cannot promote DC in Region 2 because I cannot talk to On-Prem Domain Controllers (RID master not available)

Question: How can Region 2 talk to on-prem domain controllers? Do I need to configure another Site to Site VPN from Region 2 to On-Prem?

Thank you,

pcstechinc22@gmail.com

Does Windows Application Firewall (WAF) allow setting a blacklist of malicious IPs based on a realtime list?

I am planning on integrating WAF with our Azure services. However, my main agenda is to protect the application against malicious users identified with high risk IPs. I know Azure provides a real time blacklisted IP list that keeps updating with time if we go with their Firewall. I am confused as to whether the same service is also available with WAF v1 or v2?

Will highly appreciate any help on this topic.

Virtual Wan Networking

Hi

I'm trying to configure a proof of concept.

At the moment I cannot get firewalls to test with the VPNs. I was planning to get a P2S connected to each Hub but it's not allowing me to configure this.

As you can see with the diagram below I have 2 Hubs, one in the UK and 1 in the US.


I need to achieve the following.

  1. Windows 7 PCs in each VNet can communicate with each other.
  2. User in site 1 can access both PCs in VNet 1 and VNet 2.
  3. User in site 1 can access Windows PCs in sites 2, 3, and 4.
  4. P2S connection to the Hub in region 1 and connect again to both Windows PCs and users' PCs in sites 1, 2, 3 and 4.

Requirement 1

This would not work and I had to peer the two VNets.

Requirement 2

Due to not having the firewalls I’m unable to test at this moment in time. Can someone advise if this would work?

Requirement 3

Due to not having the firewalls I’m unable to test at this moment in time. Can someone advise if this would work?

Requirement 4

Can't even set this up due to errors when it creates the hub after adding the P2S details while doing the initial configuration of the Hub. Any help appreciated. I have tried via the standard Azure portal, created a new Hub and, using the Wizard, added the P2S and added certificates, and this failed to create the Hub. In the preview portal there is no wizard and I do not have any P2S option available.

I understand this is preview. Can anyone advise how to get this working, and if I can’t, has anyone done this and can verify requirement 4 would work?

Thanks

Mark



Site-to-site VPN with AWS

Hi Experts,

I need to create a VPN between AWS and Azure. A resource in AWS needs to connect to a SQL server in an Azure Vnet. The problem is, I cannot create my VPN connection within the AWS VPC based on the Azure address space and vice versa. So let's say my VPC is 10.0.0.0/16 and my Azure Vnet is 192.168.10.0/24. For complicated reasons, in AWS I cannot set up the VPN based on 192.168.10.0/24 being the 'customer' address space. Essentially, I have a need to create a very large number of VPN connections to multiple networks; at some point or another I'll overlap.

My current workaround is to use a generic range of IP addresses (let's say 10.240.0.0/12) and route matching traffic to my VPG via route tables. I then set up my customer gateway and VPN connection. In my VPN connection, I set a static route for let's say 10.240.0.1/32. I have tested this theory with an on-prem VPN solution. It works fine but of course, I have to NAT 10.240.0.1 to the private IP of my SQL server. This is the route the traffic takes (as far as I understand):

Resource looks for 10.240.0.1 for SQL server. Route tables tell traffic it needs to go to the VPG. Static route tells traffic to go through my VPN connection. VPN device at the other end translates the destination to let's say 1192.168.10.15. Traffic lands at SQL server.

So in Azure, I have replicated this process and successfully created a VPN connection with two tunnels. However I can't work out how to translate the traffic. I have tried a loadbalancer and route tables to no effect. Can anybody suggest how I can DNAT?

BGP when cutting over from VPN to ER

Will there be any changes to BGP when cutting over from VPN (BGP propagation disabled) to ExpressRoute? What about when vWAN and/or PrivateLink are involved? I've seen BGP broadcast to on-prem using vWAN; I want to make sure it doesn't happen here.

Andrej Rosic

Cannot deploy Azure Bastion

Hello

Not sure if this is the correct forum?

I have enabled Azure Bastion (Preview) in my tenant and subscription using the relevant PowerShell commands.

Every time I deploy a Bastion, it errors. I have never successfully deployed a Bastion yet. The error is:

The status for the deployment comes up as 'Conflict'.

The error details are below.

{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details.","details":[{"code":"Conflict","message":"{\r\n \"status\": \"Failed\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": \"The resource operation completed with terminal provisioning state 'Failed'.\",\r\n \"details\": [\r\n {\r\n \"code\": \"VmssGatewayDeploymentFailed\",\r\n \"message\": \"The gateway deployment operation failed due to an intermittent error. Please try again.\",\r\n \"details\": []\r\n }\r\n ]\r\n }\r\n}"}]}

I have a few articles about it, but all they say is try again. I have redeployed many multiple times but always the same error. I have tried from scratch multiple times but always the same error. I have tried different subscriptions, but always the same error.

Does anyone have any ideas?

Thanks

Richard

Routing L2TP Client

Hi,

I'm facing an issue with routing.

I have a firewall connected with a site-to-site to Azure.

In Azure the addresses are on 192.168.60.0/24.

On the firewall the addresses are 192.168.1.0/24.

L2TP clients via the firewall are on 192.168.30.0/24.

The site-to-site works perfectly.

The problem is when I connect an L2TP client through my firewall: I cannot directly reach the Azure server.

I've configured a route on my firewall that has 192.168.30.0/24 as source, 192.168.60.0/24 as destination, and the tunnel as next hop.

But I'm not sure which route to set up on Azure.

The VPN is policy based (not route based, because the firewall actually does not support this function).

Can someone help me?

Thank you

Exchange Online Migration - ExpressRoute

Hi,

I know ExpressRoute is not recommended (but is supported) by Microsoft for Office 365 traffic and utilising internet links is the preferred method.

We have a customer who already has an ExpressRoute configured and ready to go. My concern is that they have this configured for egress but not ingress (as they certainly don't have Autodiscover, MRS, Web services etc. configured).

There seems to be limited documentation on how this works, but am I correct in thinking that for Autodiscover, EWS etc. we add those records into public DNS and map them to an external IP address, and ExpressRoute will have specific routes advertised for those endpoints, and external users would use the standard internet routes?

Would there be any issue why egress traffic could go via ExpressRoute and ingress traffic traverse the internet?

Any advice greatly appreciated. We really don't want them going down the ExpressRoute method but we are having our hand forced here.
