Quantcast
Channel: Azure Networking (DNS, Traffic Manager, VPN, VNET) forum
Viewing all 6513 articles
Browse latest View live

Azure Site2Site Policy Based VPN (IKev1)

$
0
0
Hello Team...I established a site to site VPN using Policy based option(Ikev1) and the tunnel was connected. The VM in azure needs to talk to 3servers on premise but it can only reach one at a time....I have rotated the IPs by removing them in turns and I was able to reach them one by one but could not reach more than one when the 3 are in ACl..The onprem router is cisco ISR and it is  supported...What am I missing pls.  I will appreciate suggestion and advice.

"The expert in anything was once a beginner"


NSG drops NIC after associating PIP

$
0
0

Hi all,

Ok, this is the situation and I would like to know if this is intended behavior or not. I have a running machine that needs to communicate to the outside world for reasons. To minimise downtime I do the following

Deploy Public IP (PIP),
Deploy Network Security Group (NSG),
Associate NSG to existing NIC 'Some_Nic_nic0',
Associate PIP to existing NIC 'Some_Nic_nic0'.

This all seems to work just fine, no errors and the reason I do this is to prevent the machine for even a second to be on the open internet.

However, when you do this it seems that the moment you associate the PIP to the NIC, the NSG drops the link with the NIC. Meaning, if you do not know this your machine will be on the internet without any NSG in front of it.

Anyone know if this is intended or is this an actual bug?

How to connect the same vnet with a peering.

$
0
0
We have a vnet with a virtual network gateway in place. We would like to connect the same vnet with a peering. Is that possible? is there  some architecture scenario suggested for this case?

2 vnets .... best way to block everything but a few select ports?

$
0
0

Right now I have 2 vnets that are peered but one of them is supposed to be a DMZ subnet with only a couple ports going back to the "internal" subnet. i.e. dns, ad trust and a few other ports.

what is the best way to achieve this? we are putting up the base infrastructure right now so I want to get it right before it goes production.


Chaos causes progress, Order inhibits it.

Issue with Site-to-Site Connectivity and VNet-VNet Connectivity

$
0
0

Hi Everyone,

We have our Landscape over 2 Azure regions viz. Region-01 and Region-02. We have setup Site to Site VPN Connectivity between our On-premise Gateway and Azure Gateway of Region-01. Have also setup VNet-to-VNet connectivity between VNet (Region-01) and VNet (Region-02). Now, I'm able to ping VMs in Region-01 from On-premise Network and also VMs in Region are able to ping VMs in Region-02, but VMs in Region-02 are not pinging from On-premise Network.

My query is - What setting / change in configuration we need to do, so that I'm able to ping my Region-02 VMs from On-premise Network.

Thanks

Kumar

WAF: HTTP Error 404

$
0
0

Hi

I've setup WAF for Application which is loaded to VM: IaaS Type Ubuntu 18.02 LTS

VM contains 4 Apps with different hostname.

  1. 1. domain.com
  2. 2. subdomain1.domain.com
  3. 3. subdomain2.domain.com
  4. 4. subdomain3.domain.com

Each app path created per app e.g var/www/domain.com etc.

Created 4 HTTP Settings per Hostname which "pickhost name on backend address" is selected 

Listeners set to multi-site and pointing to hostname

Backend Pool points to IP: 10.0.0.4

Health Backend Health shows Good, now I'm still getting Error 404 Not Found. I'm stuck on this level.

Looking for C# code snippet for deleting and creating the loadbalancer rules for the given SLB

$
0
0
Looking for C# code snippet for deleting and creating the loadbalancer rules for the given SLB

Anand

How to verify account

$
0
0

Apparently I can't include an image until my account had been verified...

...But I can't see a link anywhere to allow that to happen.

So: How does one verify an account on these 'ere forums?


List devices associated with a vNet using Powershell

$
0
0
In Azure Portal, you can see a list of devices that are associated/connected to a vNet. Is there a way this can be done through Azure Powershell AZ module, to get a list of devices linked to a vNet? Thanks greatly.

Bastion RDP Setup

$
0
0

Hi there,

I have an Azure Linux VM with a Public IP address of 52.191.251.32 and a Private IP address of 10.0.0.4. There is a "default" subnet with an address space of 10.0.0.0/24.

I would like to configure Bastion to RDP within the browser. I have attempted to set up the AzureBastionSubnet with various IP address ranges, but have received the following two errors:

1) The specified address space overlaps with subnet 'default' which has a range of 10.0.0.0/24.

2) Your subnet is not contained within the address space for this virtual network: 10.0.0.0/24

I have read all documentation and FAQ available, and am not able to determine what IP address range is needed to configure the AzureBastionSubnet to enable Bastion RDP within the browser. Any assistance would be appreciated - let me know if there is other information I might need to provide.

Share a single public IP for outgoing traffic from various resources in a vnet?

$
0
0

We have a bunch of services in a vnet (consisting of several subnets), including app services, stand alone virtual machines and scale sets. All of these needs outgoing internet access, but most of them accept no incoming traffic. Is it possible to configure this setup so that they all "share" a single public IP for this outgoing traffic? An IP that we can "control" ourselves (ie it is an ARM resource that we can see in the portal).

When I google on this problem, all I seem to find is solutions about machines behind a single load balancer (or application gateway), and the traffic being both incoming and outgoing. Instead we want something more like the network is built up in a normal office, having a bunch of various computers and servers, most of which are not reachable from the internet, but almost all of them having outgoing internet access, and when they reach they internet they all "go though" the same public IP.

Is there a way to achieve this in Azure? And can it be done by someone who has no real networking skills? Maybe there are some guides that describe how to do this? And a complete ARM template example would be great too.

Also, all our VMs are Linux servers.


Reduce Billing

$
0
0
How can I prevent VPN Gateway from more billing?

Mudasir

Unable to Upload .CER on Application Gateway

$
0
0

Hi

I've managed to create a Key Vault and uploaded the .pfx file, now download the .CER file to upload it on HTTP Settings

I'm getting an error which I'm stuck, using the correct domain.

Microsoft NPS Server not Authenticating to Azure Active Directory Domain Services

$
0
0

Configuration Summary:

- Have a VPN Successfully configured between on-Premise LAN and Azure Environment, which includes active AADDS.

- There is an on-premise Microsoft NPS VM Guest, which has been joined to the AADDS Domain, via the VPN Connection.

- Have configured on-premise Wireless network to utilize RADIUS 802.1X authentication via the on-premise Wireless Controller, which is configured to use the on-premise NPS Server Guest VM.

On the Event Viewer for the NPS Server, am getting the following errors:

The Network Policy Server was unable to connect to a domain controller in the domain where the account is located. Because of this, authentication and authorization for the RADIUS request could not be performed.

So I know the RADIUS requests are making it to the NPS server. Just can't figure out how much further, then this, the requests are traversing. Getting some logs would be great, but they seem to be empty, when they are requested, from the various dependent Azure Resources.

Am I missing anything in this particular RADIUS Setup?

Does the applicable NSG in Azure, require additional entries, to allow communication, with the Domain Controllers?

Migrate domain name form Smarter ASP.NET to Azure

$
0
0

I have my domains pointed to Azure so I can use them on Azure without any problems.  I am scared SmarterAsp.Net will go out of business.  I don't want to be stuck and unable to renew my domain.  I want to transfer it competently.  What would be the steps to get this done?  Any advice would be greatly appreciated.  Thank you.  Paul


MacOS Catalina IKEv2 VPN Client to Azure VPN Gateway Incompatibility

$
0
0
Hello, we are having trouble connecting to our Azure VPN Gateways with the Native IKEv2 VPN client from our MacBooks running Catalina. Older versions of MacOS are working fine. Do you have any additional insight on your side as to any known compatibility issues and workarounds? Thank you!

Unable to use "https://imms.XXXXX.ca/start" when including Fronto Door IPs in Network Restricted Access

$
0
0

I have implemented Azure Front Door.

I've also included the Front Door IPs in the Network Restricted Access so that ISO 27001 rule (restrict access) is satisfied and my client is satisfied that the iso 27001 REGULATORY COMPLIANCE is being met.

https://imms.XXXXX.ca/start is a folder with an ASP.NET page (PPPPP.aspx) which is defined as a DEFAULT DOCUMENT.

When I try to access https://imms.XXXXX.ca/start , it sends me to the backend address https://XXXXX.azurewebsites.net/start/ with a 403 error.

When I try to access https://imms.XXXXX.ca/start/, it works.

I need it to work with just https://imms.XXXXX.ca/start

When I remove the Front Door IPs from the NETWORK RESTRICTED ACCESS, 

https://imms.XXXXX.ca/start works but I am no longer "in compliance" with ISO 270001.


Point to Site VPN in AZURE

$
0
0

Hi,

I have deployed  Point to Site VPN in Azure with the help of Self-Signed Certificate. It is working.

Could you please tell me how I can do with the help of commercial certificate? like digicert, godaddy etc. Which Certificate I will buy? How to make certificate request etc. thanks

Regards

Azure DNS

$
0
0

hELLO

I am in need to know how can i size azure DNS in pricing calculator?


Mudasir

Joining computers to domain over Azure P2S vpn AND logging in users

$
0
0

I have setup a couple clients now with new Windows AD domains on a vm in Azure. I then join all their computers to this domain. The office computers join fine over the S2S vpn. The issue I'm having is not necessarily joining computers to the domain over the Azure P2S vpn client, but logging in users after the machine is joined to the domain.

Continue to get the following message when attempting to connect to the Azure p2s vpn with the vpn icon on the login screen.

'We can't sign you in with this credential because your domain isn't available. Make sure your device is connected to your organization's network and try again. If you previously signed into this device with another credential, you can sign in with that credential.'

Right now, to get this to work, we are having to join the computer to the domain using a local admin account. Then switch users just after joining it to the domain. Log in with the domain user's credentials, and then reboot.

Thanks!!!

Dave

Viewing all 6513 articles
Browse latest View live


<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>