Hello, is there any news about a way to control the accesses between subnets?
AFAIK today there is no way to limit the visibility between subnets of the same virtual network. I'd like to setup a classic environment: a DMZ subnet (with pub web server) and an internal subnet, PRIV, (sql server and other application servers). The connectivity between DMZ and PRIV should be limited to only necessary TCP ports and IP addresses.
Fabrizio
Hi,
we have a VM using virtual private network
We notice very long response time when resolving external DNS names from the VM.
Here is an example:
C:\Users\Administrator>nslookup www.google.comDNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 168.63.129.16DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: www.google.com
Addresses: 2a00:1450:400c:c05::69
173.194.66.99
173.194.66.105
173.194.66.106
173.194.66.103
173.194.66.104
173.194.66.147
Here is the output of ipconfig /all on the VM:
C:\Users\Administrator>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : AZEUCKP02
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Peer-Peer
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : b1758a2a2c3b4de28dd0f5184d634414.azeuckp1
.626128157.europewest.internal.cloudapp.net
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . : b1758a2a2c3b4de28dd0f5184d634414.azeuckp1
.626128157.europewest.internal.cloudapp.net
Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Ada
pter #2
Physical Address. . . . . . . . . : 00-15-5D-49-28-87
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a816:521f:2e0:6ef9%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, September 22, 2012 3:04:39 AM
Lease Expires . . . . . . . . . . : Friday, November 01, 2148 6:27:17 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 168.63.129.16
DHCPv6 IAID . . . . . . . . . . . : 268440925
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-E3-78-AE-00-15-5D-49-28-87
DNS Servers . . . . . . . . . . . : 168.63.129.16
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.b1758a2a2c3b4de28dd0f5184d634414.azeuckp1.626128157.europe
west.internal.cloudapp.net:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : b1758a2a2c3b4de28dd0f5184d634414.azeuckp1
.626128157.europewest.internal.cloudapp.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
The performance of our application is poor because of that. By skipping DNS resolution (hard code IPs within hosts file), the performance issue is solved.
Can you help us?
thanks.
how do you setup a dns server on a VM to allow worker roles to register their hostnames and ips onto it ? I see no way to tell a worker role what it's suffix should be.
Hi,
I am testing out Azure Point To Site VPN by following the instructions as stated on the links below:
http://msdn.microsoft.com/en-us/library/windowsazure/dn133792.aspx
http://blogs.msdn.com/b/piyushranjan/archive/2013/06/01/point-to-site-vpn-in-azure-virtual-networks.aspx
Everything is already set up, (root certificate, client certificate, downloaded the VPN client) as I was able to connect already. The problem is when I run ipconfig/all I am not getting a different IP address:
PPP adapter testvpn:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : testvpn
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 169.254.190.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 208.67.222.222
208.67.220.220
NetBIOS over Tcpip. . . . . . . . : Enabled
For the point-to-site connectivity, I am using 10.0.1.16/24 address space while for the virtual network address space it is 172.16.0.0/16.
Dp I have to manually set the IP address since DHCP is disabled ? But I don't know where to set those IP address on the client PC. I've checked the Propeprties of my VPN connection and there's no option to set an IP address.
On the portal, I can see that I am connected but I am not sure why the IP address I got is different from the address space range I've configured. Any advice ? Thanks.
Hello, I've created a VM and placed it in a subnet of my virtual network. My virtual network has other subnets. Now I want to move my virtual machine from subnet1 to subnet2. Is there a way to do it without destroying and recreating the machine?
fabrizio
Hi.
When associating a cloud service with a specific virtual network, the instance automatically gets an IP from the selected subnet range.
Is there a way to know this IP dynamically from within the instance itself? If so, is this information available as soon as the instance is created, for instance at the time when startup tasks are executed?
If not, is there a way to get this IP at any time after the instance is created, from outside the instance, programmatically?
I prefer a PowerShell solution, but anything would do.
Thanks.
I have on premises implementations of Exchage, SQL Server and custom applications. Can I use Azure as fail over servers for my on premises servers? How? Software licenses for Windows Server, Exchange or SQL are included in Azure?
I recently added a DNS server in Azure and added the DNS server to the Virtual Network configuration (thanks for that change to dynamically add/change DNS servers in VNs, BTW :-)), but curious the priority that a VM uses for name resolution? I previously had 3 DNS servers that were all on our corpnet (Azure Local Network) and added a 4th DNS server to the VN configuration (the DNS server we added in Azure VM).
When we do an ipconfig, the DNS server in Azure is the 4th on the list. We ran a test to verify that we could still get name resolution if the Azure VN gateway was down (ie, the VMs would use the DNS server we just added in Azure), but it looks like the VMs use the 1st DNS server only and time out if they can't reach this (which is the case since we dropped the VPN Gateway for this test).
Is there any way to force the VMs to use the DNS server we recently added as the primary DNS server?
I recently added a DNS server in Azure and added the DNS server to the Virtual Network configuration (thanks for that change to dynamically add/change DNS servers in VNs, BTW :-)), but curious the priority that a VM uses for name resolution? I previously had 3 DNS servers that were all on our corpnet (Azure Local Network) and added a 4th DNS server to the VN configuration (the DNS server we added in Azure VM).
When we do an ipconfig, the DNS server in Azure is the 4th on the list. We ran a test to verify that we could still get name resolution if the Azure VN gateway was down (ie, the VMs would use the DNS server we just added in Azure), but it looks like the VMs use the 1st DNS server only and time out if they can't reach this (which is the case since we dropped the VPN Gateway for this test).
Is there any way to force the VMs to use the DNS server we recently added as the primary DNS server?
I recently added a DNS server in Azure and added the DNS server to the Virtual Network configuration (thanks for that change to dynamically add/change DNS servers in VNs, BTW :-)), but curious the priority that a VM uses for name resolution? I previously had 3 DNS servers that were all on our corpnet (Azure Local Network) and added a 4th DNS server to the VN configuration (the DNS server we added in Azure VM).
When we do an ipconfig, the DNS server in Azure is the 4th on the list. We ran a test to verify that we could still get name resolution if the Azure VN gateway was down (ie, the VMs would use the DNS server we just added in Azure), but it looks like the VMs use the 1st DNS server only and time out if they can't reach this (which is the case since we dropped the VPN Gateway for this test).
Is there any way to force the VMs to use the DNS server we recently added as the primary DNS server?
I recently added a DNS server in Azure and added the DNS server to the Virtual Network configuration (thanks for that change to dynamically add/change DNS servers in VNs, BTW :-)), but curious the priority that a VM uses for name resolution? I previously had 3 DNS servers that were all on our corpnet (Azure Local Network) and added a 4th DNS server to the VN configuration (the DNS server we added in Azure VM).
When we do an ipconfig, the DNS server in Azure is the 4th on the list. We ran a test to verify that we could still get name resolution if the Azure VN gateway was down (ie, the VMs would use the DNS server we just added in Azure), but it looks like the VMs use the 1st DNS server only and time out if they can't reach this (which is the case since we dropped the VPN Gateway for this test).
Is there any way to force the VMs to use the DNS server we recently added as the primary DNS server?
Hi All,
Is it possible to add a virtual network using REST API offered by Windows Azure. I know there is a Rest API called SET NETWORK CONFIGURATION but would it create a new network. Right now I'm having problems using it.
Regards,
Farhan
Farhan Khan
I am trying to create Virtual Network with Point-to-Site VPN connection by using API. I've done the Virtual Network creation step but stumble on the setting-up Gateway. I can do it manually but when I call API it's always failing by saying "400 Bad request".
The x-ms-version I am using is 2012-03-01
The body of the POST looks like this:
<?xml version=\"1.0\" encoding=\"utf-8\"?>
<CreateGatewayParameters xmlns="http://schemas.microsoft.com/windowsazure">
<GatewayType>DynamicRouting</GatewayType>
</CreateGatewayParameters>
And the URL is: https://management.core.windows.net/{my_ID}/services/networking/{virtualNetworkName}/gateway
Can somebody see an issue with that?
Thanks,
Alex
install the client cert, run the installer but no VPN connection available to connect with. Works fine on vista, win 7.
Anyone else had similar issues or any tips on how to create manually?
Hi
I created a previous post on this but can no longer update it
We are experiencing around 25-35% packet loss over our VPN to Azure. The strange thing is the packet loss goes in chunks, so we could have 50 successful packets and then drop the next 20.
During the packet loss the VPN remains up. We suspected it may be down to the SA lifetime expiring however I have checked and this is not the case
Our firewall is a Juniper SRX650 with JUNOS 11.6.6 installed. I have used the VPN script from the Azure site which was for 11.4R4
Has anyone else experienced connectivity problems to Azure over a JUNOS firewall? I have created the VPN multiple times, both policy and route based and get the same issue each time
Cheers
James
I have no problem connecting to the virtual machines that I have created in Azure using my Windows 7.
But I do have problem connecting to them in RHEL using Remmina 0.9.3.
FQDN: <pc-name>.cloudapp.net:<port>
I have tried to modify the <port> in Azure VM's endpoint Remote desktop port to standard 3389, but still fail to connect from RHEL/Remmina while no problem connecting to the VM from Windows 7.
Error message "Unable to connect to RDP sever <pc-name>.cloudapp.net"
Regards, Adarsha
I can't to connect from my Edge On-Premise Server and My Azure VM.
S2S show me connection status OK between Azure Gateway and my RRAS Windows Server 2012.
how do you setup a dns server on a VM to allow worker roles to register their hostnames and ips onto it ? I see no way to tell a worker role what it's suffix should be.
Hello, is there any news about a way to control the accesses between subnets?
AFAIK today there is no way to limit the visibility between subnets of the same virtual network. I'd like to setup a classic environment: a DMZ subnet (with pub web server) and an internal subnet, PRIV, (sql server and other application servers). The connectivity between DMZ and PRIV should be limited to only necessary TCP ports and IP addresses.
Fabrizio