I created 2 azure VM's in the Same Subnet, same virtual network, same affinity group.
both vm's get an ip from the correct subnet. i cannot ping from one VM to another. Already tried to disable windows firewall... same Problem!
Is there more to do to get this work ?
Best,
Martin
Hi,
Trying to connect a point to site vpn im getting this error on windows 8 only. (wins 7 works find)
"A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798)"
I tryed every thing on this post but nothing helps
http://social.msdn.microsoft.com/Forums/windowsazure/en-US/87c07656-61f4-4ad7-9b6c-248b484dc1ab/pointtosite-on-windows-8-client-connection-error-798?forum=WAVirtualMachinesVirtualNetwork
Any ideas ?
thanks
Hi,
I'm trying to create vnets with S2S VPN gateway using REST API, but although the gateway was created "Successfully", its type seems always "static routing" even I specify the DynamicRouting in the request body. Since I'm attempting to use a Windows RRAS server as my local VPN gateway, this static routing mode seems not supported according to http://msdn.microsoft.com/en-us/library/windowsazure/jj156075.aspx
The following is an HTTP session I captured with Fiddler for one of my try, can anybody kindly help me to find out what's wrong here?
POST https://management.core.windows.net/480d0439-19df-4e93-8cc7-b52d7a58db02/services/networking/HOSTED-2/gateway HTTP/1.1
x-ms-version: 2013-03-01
Content-Type: application/xml
Host: management.core.windows.net
Content-Length: 199
Expect: 100-continue
Connection: Keep-Alive
<?xml version="1.0" encoding="utf-8" standalone="no"?><CreateGatewayParameters xmlns="http://schemas.microsoft.com/windowsazure"><GatewayType>DynamicRouting</GatewayType></CreateGatewayParameters>
HTTP/1.1 201 Created
Cache-Control: no-cache
Content-Length: 210
Content-Type: application/xml; charset=utf-8
Server: 33.0.6198.68 (rd_rdfe_stable.130710-0833) Microsoft-HTTPAPI/2.0
x-ms-servedbyregion: ussouth
x-ms-request-id: 7faea861b6554dba92b1d6c2f3580cf2
Date: Thu, 01 Aug 2013 05:48:55 GMT
<GatewayOperationAsyncResponse xmlns="http://schemas.microsoft.com/windowsazure" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><ID>7faea861-b655-4dba-92b1-d6c2f3580cf2</ID></GatewayOperationAsyncResponse>
Thanks!
Shayu
This post is "AS IS" and confers no rights
I am trying to connect my ASA 5505 to Azure Site-To-Site VPN.
I downloaded the script and everything appears to run fine, except this line:
tunnel-group x.x.x.x type ipsec-l2l
I get the error:
myrouter(config)# tunnel-group x.x.x.x type ipsec-l2l(the marker is pointing at the word "type")
Any ideas on what my problem is?
Hi,
We are attempting to setup an ADFS box in Azure to facilitate our SSO for Office 365. This box is going to have another DC along side it in Azure so that we don't have any reliance on the internet connection at head office.
We have the VM running, and have setup a site to site IPSEC VPN from Azure back to our Juniper SRX. The tunnel has come up and everything looks ok. We do have some one way traffic issues though.
Eg;
Azure --> Onprem -This works no problems. A ping for example responds and everything is fine. I can RDP from Azure to Onprem server, no problems. SMB, RPC the whole lot.
Onprem --> Azure-Nothing works. No traffic is passed to the VM whatsoever. I have disabled Windows Firewall in the VM completely and still nothing. A wireshark trace for ICMP doesn't even show a packet reaching the VM, it simply doesn't get there.
I've had the networking guys confirm that the SRX is encrypting traffic and trying to send it across the IPSEC VPN (policy based VPN).
I have tried to add endpoints via the Azure console, but if I understand correctly this is for traffic from the WAN, not the VPN.
Azure is currently in a free trial if that makes any difference.
Anybody able to assist at all?
Thanks.
Will.
Greetings,
Let me preface this by saying that I have checked the documentation for the recommended phase1 configuration and I still cannot complete phase1. My device is an ASA 5520 running 8.4,
Upon sending traffic I receive log messages:
2014-06-02T23:45:14.343085-05:00 hostname.redacted : Jun 02 23:45:14 CDT: %ASA-vpn-5-713904: IP = azure_gateway.redacted, Received an un-encrypted NO_PROPOSAL_CHOSEN notify message, dropping
2014-06-02T23:45:14.343085-05:00 hostname.redacted : Jun 02 23:45:14 CDT: %ASA-vpn-4-713903: IP = azure_gateway.redacted, Information Exchange processing failed
Isakmp SA:
6 IKE Peer: azure_gateway.redacted
Type : user Role : initiator
Rekey : no State : MM_WAIT_MSG2Relevant config:
crypto ipsec ikev1 transform-set L2L_AZURE esp-aes-256 esp-sha-hmac crypto map OUTSIDE_VPN 80 match address L2L_AZURE crypto map OUTSIDE_VPN 80 set peer azure_gateway.redacted crypto map OUTSIDE_VPN 80 set ikev1 transform-set L2L_AZURE crypto map OUTSIDE_VPN 80 set security-association lifetime seconds 3600 crypto map OUTSIDE_VPN 80 set security-association lifetime kilobytes 102400000 crypto ikev1 policy 20 authentication pre-share encryption aes-256 hash sha group 2 lifetime 28800 tunnel-group azure_gateway.redacted type ipsec-l2l tunnel-group azure_gateway.redacted ipsec-attributes ikev1 pre-shared-key key.redacted
I have other ikev1 policies but the one listed should meet the requirements listed
here.
Is there something I am missing?
Thanks in advance.
Hi all,
Some branch offices in my company need to connect to Azure with a site-to-site VPN.
I would like to know if it's possible to declare multiple VPN site-to-site connections (1 per branch-site) for the same virtual network?
Thanks.
Patrice
I set up a virtual network on Azure and have two different desktops (both running Windows 8.1) in two different locations connected point-to-site to the virtual network. Is it possible to have these two PCs treat each other like they are on the same local network? Like be able to share files and remote desktop connection through them? Or even use HomeGroup? I saw else where that HomeGroup used IPv6 which you cannnot do through VPN, but all those answers where 3 years ago, so maybe something has changed.
I already have then both connected now, but right now they cannot ping each other.
Hi all
I am trying to find a way to connect two azure accounts together so that they can share each others resources.
I want to be able to share files and send SQL data from one accounts network to another accounts network via VPN or something else. Is this possible? I have spent a lot of time trying to find information regarding this to no avail.
I understand that Site to Site is meant to be used for azure to on premise but this looks like the best option BUT you cant create a gateway until you create the VPN setup and then it can't be edited after creation.
Is what I am trying to do just not available in Azure or perhaps another way around so I can get the two networks to route to each other?
Thank in advance
Andrew
Andrew Watts MCSE MCP BSC SSC GSC
Hello.
I m trying to create a point to site connection, VPN to virtual network.
I followed all the steps in the link from msdn
http://msdn.microsoft.com/en-us/library/azure/jj156210.aspx
but i get the error: "It cannot upload the client certificate to virtual network", but I use the ROOT certificate.
Can you help me?
Its very urgent for me?
Thank you.
Radu Chioreanu
HI,
I want my VMs to use my on premises DNS server. I have configured the sever name and IP details in Networks>DNS Servers but my VMs still get the Azure DNS server. I have rebooted the VMs with no joy, they still have the Azure DNS settings assigned.
-AzureStaticVNetIPcmdlet, will this stop the VMs from getting the DNS server I configured?
How can I get the VMs to pick up the right settings?
TIA
Simon
There is a lot of information regarding configuring a Linux server as an endpoint for an Azure VPN. However all of these appear to be related to statically routed VPNs.
It seems that dynamically routed VPNs use IKEv2/IPSEC Openswan supports IKEv1 Strongswan appears to support IKEv2 but I have been unable to get it to work so far.
So my first question is simply, has anyone been able to configure a Site to Site VPN using dynamic routing into a Linux Server.
Hi,
I follow this : http://msdn.microsoft.com/library/azure/dn133792.aspx
I last step download Client VPN Package and install always show can't find "azurebox32.ico" error:
( Client: Windows 8.1 x64 - CHT)
Setup will fail and can't connect VPN:
理直氣和,切記。
Hi,
We currently run Office 365 and have a federated domain for single sign-on. Like others have posted here we are investigating the possibility of moving our federation server farm and proxies to Azure, but I have a further question that was not answered in previous posts.
The Microsoft Online Deployment Guide for Office 365 lays out the recommended configuration for the federation service here:http://technet.microsoft.com/en-us/library/ff652539.aspx
As per Microsoft's recommendations the federation proxies should be placed in a perimeter network (as they are exposed to the Internet) and firewalled off from the actual federation servers (and the rest of the internal network), with only port 443 left open for communication from the proxies to the federation server farm.
From my reading on the Azure IaaS services, I could not find any way to configure a perimeter network that would suitably isolate the federation service proxies. My question then is, is there a way to configure a suitable perimeter network in Azure to place the federation proxies? or do you not recommend Office 365 federation services be placed in Azure at this time?
Thanks in advance for your assistance,
Mike.
HI,
In my environment all I have is a website which is turned off. I'm attempting to modify the network I created but it shows
How can I pin point what I need to change/remove to make changes to virtual network address spaces?
Thanks
I am trying to establish s2s VPN with Azure and our network. I created network on Azure, received the gateway IP address, downloaded VPN device script and setup VPN on our ASA5525X.
After I setup VPN configuration on ASA (dedicated ASA5525X for VPN), The VPN tunnel did not coming up. From debug on ASA, our device is sending request but no response from our Azure gateway.
Is there anything that I have to do on Azure to allow our VPN gateway to establish the the VPN?
One more thing, we are on free trail with Azure. Do we have to be a paid customer to have VPN established.
Thanks in advance for your helps.
Feng Zhang
I've been trying to connect Windows Azure to my main network using pfSense, which is a lightweight open source router, with limited success.
I've configured it as follows:
Phase 1
Interface WAN
Remote Gateway<Azure Gateway IP Address>
Authentication Method: Mutual PSK
Negotiation Mode: main
My Identifier:<My Public IP Address>
Peer Identifier:<Azure Gateway IP Address>
Pre-Shared Key: <Key Given By Azure>
Policy Generation: Default
Proposal Checking: Default
Encryption Algorythm: AES 128-bit
Hash Algorythm: SHA1
DH key group: 2
Lifetime: 28800
Phase 2
Mode: Tunnel
Local Network: <My Local Network>
Remote Network: <My Azure Address space>
Protocol: ESP
Encryption Algorythms: AES 128-bits
Hash Algorythm: SHA1
PFS key group: off
Lifetime: 3600
What I am seeing:
The azure control pannel seems to suggest that I have connectivity, and I can see Security Associations appearing on my IPSec gateway, Interestingly I only ever get one that seems to originate from my side, and every 10 seconds or so I get one added to the list originating from the Windows Azure side.
I also tried a constant ping for a while from my network to a device in one of my virtual networks and I clocked up a few KBytes in, but nothing back - so connectivity seems to be working - all be it a bit one sided.
I believe that pfSense's implimentation of a IPSec VPN is based on racoon, any help will be much appreciated.
Hi,
I was trying to create a Virtual Machine in a Virtual Network and while creating I forgot to mention the subnet names and static IP. But the VM got created successfully without any errors. Unfortunately it got created beyond my subnets and got an IP from VNet address space and got a random gateway IP and IP address. Now while I was trying to set a static IP, I was getting subnet error. So I moved my VM to one of the subnets then I have set the static IP, it worked fine. But why didn't it give me any error while am creating the VM in vnet without subnet. I was unable to figure out what exactly went on.
Can you please any one explain me
Thanks and Regards
Bhaskar Desharaju.
I cannot create a Virtual Network in the Brazil South location.
I have tried using the Web UI, and the Azure Power Shell - all attempts result in a "internal server error" message.
I can create Virtual Networks in other locations without a problem.
Any ideas?
The network is in use When a virtual network is in use, its address space cannot be modified if the updates affect an in-use subnet.