Quantcast
Channel: Azure Networking (DNS, Traffic Manager, VPN, VNET) forum
Viewing all 6513 articles
Browse latest View live

Fotigate VPN Site to Site Tunnel becomes unresponsive

April 3, 2014, 11:04 pm
$
0
0

Hi,

We've configured the site to site connection from our Fortigate 3016B.

Phase1, and 2 connect.

Azure range:

10.1.0.0/16

Local Range:

172.16.4.0/24

192.168.0.0/16

Once the tunnel is established we will get periodic comm's to ssh to a linux VM, but then the traffic drops away.

I noticed this question posted:

http://social.msdn.microsoft.com/Forums/windowsazure/en-US/8a00ce6a-584f-489f-a7dd-94bca4445a73/vpn-tunnel-timeouts?forum=WAVirtualMachinesVirtualNetwork

My question is, if our local network is 192.168.0.0/16, would that mean the Azure network would also need to be 192.168.0.0/16? This doesn't make sense to me, but we have this issue currently of the tunnel that is unstable and unusable.


Search

How to access Virtual Machine through Site-to-Site VPN

April 4, 2014, 8:57 am
$
0
0

Hello,

I have created a site-to-site VPN and the tunnel is coming up just fine. On the Azure side, I created a virtual network and used these values for the Address Space:

192.168.10.0/24

Subnet-1   192.168.10.0/27
Gateway    192.168.10.32/29

Now that the VPN came up (Phase1 and Phase2 are working great!) I can ping from my LAN to 192.168.10.0 and I get replies. I can see traffic flowing through the VPN tunnel. So far, so good.

I also have an Azure virtual machine. This VM is set up to use DHCP and has obtained an address by DHCP.  My question is this: How do I configure things so that I can assign an address such as 192.168.10.10 to my virtual machine?  Eventually I am going to want to do auto scaling, so maybe DHCP is the way to go so that Azure can create more VM's for me on the fly?  I just don't understand how this is supposed to work in terms of the LAN setup on the Azure side.  I have read every document that I can find (there are quite a few) but it still does not make sense to me how the firewall will know to route incoming requests for 192.168.10.X to my virtual machine.  The virtual machine itself also cannot ping hosts on my local network, even though policies are set up to allow all traffic in both directions.  So it seems my issue is trying to get a proper understanding of how the IPV4 mapping is done with regard to these virtual machines and the Azure firewall.

I look forward to hearing any thoughts you have.  Thanks!

How to connect AWS VPC to Azure VPN

April 5, 2014, 1:00 pm
$
0
0

Hi,

We have our Active Directory in a VM on Azure. We currently use Amazon Workspaces as  VDI solution and want to authenticate users against our AD on Azure.

How can we create a connection between AWS VPC and our Azure VPN?

Thanks, Sam

Azure Load Balancer - Query for VMs in rotation or removed from rotation

March 12, 2014, 11:10 am
$
0
0

From what I can tell, there is no way to know if any of the VMs configured as part of a Load-Balanced Set has been taken out of rotation based on bad configuration such as incorrect probe configuration. I see a PS script to set the Azure Load Balancer Endpoint - Set-AzureLoadBalancedEndpoint. 

But there is no way from what I can tell via PS or in the Portal to notify or alert me when a VM is no longer part of the LB Set due to some issue. I can use the PS CmdLet Get-AzureEndpoint to list the configured endpoints for the VM, including if it's part of a LB Set. But I can't see that it tells me that it's not receiving requests.

Is there a way via PS or in the Portal to notify or alert me when a VM is no longer part of the LB Set due to some issue. If not, is there any thought in terms of the roadmap to making this feature available via a PS Script, the Azure Portal, or via SCOM?

can i create a VM with 100 cores?

April 7, 2014, 8:39 am
$
0
0

if the core is not based on real cpu, can i make a VM with 100 cores?

thanks

Hybrid Web Application - Network Connectivity

March 29, 2014, 4:55 am
$
0
0

I am looking for some advice on how to securely configure the network of a hybrid web application. The web application will be hosted in Azure Web sites, and will be connecting to on-premise database through a WCF front end.

Does the web site have a static IP? When you configure a custom domain you have an option of specifying an A record, will this A record need to be updated at any stage?

The business has very strict firewall restrictions and opening up large ranges to is not desired, is there any way to establish a persistent virtual network to an Azure Web Site for backend message transfers?


Virtual network is gone from a VM

November 6, 2013, 6:47 am
$
0
0

Hi,

I have a VM that suddenly has lost it's virtual network. When i choose configure, the virtual network section is missing. The virtual network is still there and used by other machines, but this VM just lost it's network. How can that happen??? And how can I fix it? This happened today when I restarted the VM. 

PS: Yes, I'm 100% sure the VM was created on the virtual network in question.

brgds

New VMs are not provisioned into my existing virtual network.

March 21, 2014, 3:49 am
$
0
0

I have a working site to site virtual network, basic setting shown below.  The VPN is up.  When I add VMs through the gallery, no option to select the virtual network is shown.  When the VMs are created they are not pulling using IP addresses from the virtual network subnet and they are not displayed as resources in the virtual network.  I have read all available documentation and cannot find a solution to this problem.

Address Sapce 10.0.0.0/16 (usable 10.0.0.1-10.0.255.254

Subs 

Sub-10 10.0.10.0/24 ( usable 10.0.10.4-10.0.10.254)

Gate 10.0.0.0/29(usable 10.0.0.4-10.0.0.6)

Search

Connectivity issue in VMs after deallocation | might be a bug or issue

April 8, 2014, 12:13 pm
$
0
0

Hi,

I was testing a lab setup other night. All was good, even after several restart from inside the VMs. There was no issue. It was quite late other night and I didn't had time for few days, so stopped machines from portal (deallocated).

Today when I started, I see that I can connect to DC very well. but not the other machines from the setup. Even could not ping from VM (after logging in by RDP)

All Machines in 1 Virtual Network

Machine 1: A.cloudapp.net   :  a.some-domain.com    :   DC
Machine 2: B.cloudapp.net   : b.some-domain.com    : Exhcnage Server Role 1
Machine 3: C.cloudapp.net   : c.some-domain.com    : Exhcnage Server Role 2

I have opened all ports and setup a.some-domain.com to Public VIP of machine to be on safer side.

MAJOR ISSUES

1. Cannot Connects RDP to machines. It gives "Requres NLA but cannot connect your domain  controller cannot be contacted to perform NLA." There was no such message earlier.
2. Cannot ping Machines. I have connected from VM after taking RDP to DC. and also connecting local machine to vm (VPN). While can ping the Private IP of DC after connecting to VPN, cannot do for other machines.
3. Exchange Server ECP which was working OK, is giving error on ECP Page. ( I believe it cannot communicate to DC).
4. Even tried reconfiguring machine to different type (as mentioned in some forums) but in vain.

Can some one help.

Permanent Point-to-Site VPN to Azure for all VMs on my Hyper-V server

December 5, 2013, 3:00 am
$
0
0

I'm working from an office where I don't have control over the network and I cannot set up a site-to-site VPN that normally would be set up from Cisco box or similar.

I followed the steps for a Point-to-Site VPN and it works fine for my user when logged in: I can connect to my Azure VMs by using their internal addresses (10.0.1.x range), etc., so far so good.

But, what I really want to do is to have some of my local VMs run SharePoint web front ends towards the SharePoint farm hosted in Azure. How can I use my Point-to-Site VPN to use it for all Hyper-V VMs on a server? How can I make the VPN permanent and not only available for my user and only when I signed on?

Windows Azure Quick Access Token

April 23, 2013, 6:36 am
$
0
0
I am trying to sign up for the preview of the Hyper-V Recovery Manager Vault and am asked for the Quick Access Token.  Where do I find this?  I have looked in the settings but don't see anything like this. 

Jonathan Gardner PMP
Website: http://jonathanagardner.com
Twitter: jgardner04

Allow rules in firewall for Azure Virtual Network VPN Connection

March 24, 2014, 5:15 am
$
0
0

Hello Azure Team,

we need to configure our firewall to pass VPN connection to Azure. We noticed following IP addresses:

176.41.212.59, 95.144.186.153, 87.216.161.222, 180.6.117.245, 182.93.81.47, 91.233.24.3, 180.6.117.245....

Can you give us IP range (including ports and protocols) that are used from the Azure side so we can configure our firewall?

Internal IP Address of Role Load Balancer

November 27, 2012, 10:23 am
$
0
0

I have successfully added a worker role to a virtual network by adding the following into the service config:

<NetworkConfiguration>
    <VirtualNetworkSite name="VirtualNetwork" />
    <AddressAssignments>
      <InstanceAddress roleName="RoleName">
        <Subnets>
          <Subnet name="Front" />
        </Subnets>
      </InstanceAddress>
    </AddressAssignments>
  </NetworkConfiguration>

The dashboard for the role shows a single public address and IP, which would be the address of the NLB, but not the internal IP (the address on the virtual network). The 'resources' section of the virtual network shows the IP addresses of the two instances of the role that are running, not the load balancer. Using one or other IP address works well across the VPN gateway that has been set up (which is cool!).

So, in this scenario:

1. Is there an internal IP (virtual network IP) of the existing load balancer? Do I need to add extra configuration to the above to enable it?

2. Assuming that there is an internal IP for the NLB, how can I set the lease of the NLB to be infinite? As you can with VMs, so that I can add a VPN DNS entry.

Without a private IP on the load balancer, worker roles on Virtual Networks are unusable. Apart from having an IP address per instance, it will change every time the role is recycled (including role upgrades).

Finally, it seems that the support of roles in Virtual Networking is not well supported or documented. What are the plans for this support come GA of virtual networking?

Simon

Virtual network on multiple subscriptions

April 11, 2014, 7:33 am
$
0
0

looking at previous posts, till august 2013 the issue of single virtual network for  multiple subscription's  remained .has this been solved ? if not how can we handle the situation of a network having ad plus some vm's and  another network having another set of vm's

Azure Point-toSite VPN Requires Elevated Permissions for Route Add

July 8, 2013, 8:37 am
$
0
0

I was previously utilizing Azure Endpoint Connect to allow clients to connect to resources in my Azure Virtual Network. I have migrated to using the new Point-to-Site VPN for this purpose, but the new SSTP VPN is using a split-VPN network topology. Users connect to the gateway subnet, but to gain access to the Virtual Network subnet, a static route must be added to the local clients computer using the client's DHCP gateway subnet address as the interface address. The native VPN client from Azure uses a "Route Add" command to accomplish this task. This requires an elevated permission set to execute. Many of the clients that will utilize this connection DO NOT have this permission set and therefore proper routing can not be acheived. I have set the "use default gateway on remote network" option for these clients as a temporary solution, but clients cannot have access to other internet resources while the VPN is active (All traffic is routed throught the Azure VPN).

Is there a way to add the necessary routing to the local client's routing table WITHOUT elevated permissions. This is a necessary step for this new VPN to have value in my architecture. This was not an issue with Azure Endpoint Connect since it ran as a service.

Search

Azure-provided name resolution returns public IP addresses - configurable to return private?

April 11, 2014, 7:18 am
$
0
0

Hi,

It appears that if I use a virtual network and accept Azure-provided name resolution, the Azure DNS server returns the MS-provided public IP address instead of the private IP address from the range I configured on the virtual network.  Is it possible to configure Azure to return the private IP instead?

thanks!

Martin

Internet access?

April 11, 2014, 2:28 pm
$
0
0

Hi,

I am currently on the 30 day trial for azure to learn SCCM 2012 and Private cloud hosting.

I have followed the guide below and when I go to access the internet on my VMs, it takes a VERY long time to load webpages.

http://blogs.technet.com/b/keithmayer/archive/2013/04/24/step-by-step-build-a-free-system-center-2012-configuration-manager-sp1-lab-in-the-cloud.aspx

The virtual network is setup with 10.0.0.4 as the DNS.

I have setup an AD forest and connected 1 VM to it and both the DC and other VM cannot access the internet.

Thanks,

Ed

Can't access on-premise server from VM in Site-to-site virtual network

April 13, 2014, 9:38 pm
$
0
0

Hi,

I have configured a Site-to-site virtual network in order to connect our Azure VMs with our partner's on-premise network that hosts some services we need to access.

The virtual network seems to be ok... everything looks ok in the Azure portal and I was able to create a VM in that network without any issues.

I can even ping the on-premises server from the VM with no problem.... The problem is that I cannot access the web services that're hosted in this on-premise server.... I just try to access it by using the URL (using port 8085) and I just get a timeout.

I've configured the VM's firewall with an outbound rule on port 8085.... and I have requested our partner to ensure the port 8085 is accessible from our virtual network private ip range. They have confirmed the port is open as they have even created a loopback in the VPN device to test whether incoming connections from our IP address are allowed.

So, right now, I'd like to know:

1. What can be happening here? What else should I look at?

2. What can I do to diagnose these connectivity issues? How can I find where's the problem now? 

3. Why can I ping the remote on-premises server but when I try to telnet on port 8085 it doesn't work (and the remote 8085 port is open)?

I'd really appreciate any help on this issue!

Thanks,

Rodrigo.

Azure VPN Routing issue

April 14, 2014, 4:29 am
$
0
0

Hi

 

We are trialing S2S VPN between Azure and AWS using Windows 2012 RRAS.  We have been able to establish connectivity from RRAS box and Azure VM but it cannot route beyond this point.

 

Configuration info

Azure network: 10.0.0.0/8

Subnet-1: 10.0.0.0/11

Gateway subnet: 10.32.0.0/29

Azure VM IP: 10.0.0.4

 

Local Network: 172.16.0.0/16

Subnet: 172.16.10.0/24

 

RRAS

One interface with private IP: 172.16.105

Elastic IP assigned to the same interface

Ran the VPN device script successfully after one restart

Demand dial-in interface showed up (Connected)

 

  • Azure VNET dashboard shows that VPN is connected and RRAS demand dial-in interface is up.  
  • RRAS residing on AWS and Azure VM can "ping" each other fine
  • RRAS is connected to the internet
  • RRAS can route other VM's traffic out to the internet using NAT
  • VM on AWS cannot ping Azure - the VM is located on the same network as the RRAS VM

 

 

Any more info required let me know.

Routing and traffic redirection for WAN optimization within Azure

April 14, 2014, 5:57 pm
$
0
0
We are trying to redirect traffic in Azure to a VM so that we can apply WAN optimization to the traffic streams. We are able to easily modify routing policies in AWS..and not in Azure. Please help as this is urgent. 
Viewing all 6513 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>