- I set up a virtual network Site to Site and that is up.
- However, the developer set up a Cloud Services machine and it doesn't use the same subnet I used to set up the site-to-site VPN and it's using DHCP - and it's not a virtual machine.
- Is it possible to create a new subnet that encompasses this Cloud Services machine? Or can I create a virtual network that encompasses this Cloud Services machine?
- Or do we need to create a vm to host the cloud services?
↧
Cloud Services Site to Site VPN
↧
How to use Traffic Manager to direct traffic to different Azure Web Sites?
I have been using Traffic Manager to direct traffic to different web roles located in different regions (West US, East Asia and West Europe). I am trying to do the same for my web sites. But I can't see the selection when I try to create a new traffic
manager, only my web roles are listed. Is Traffic Manager not for web sites?
Frank
↧
↧
setting DNS suffix search list & Connection-specific DNS suffix on Azure VMs
Hi all,
I am prepping my Azure environment for an Active Directory installation on Azure IaaS VMs. I have static IPs set on my two DCs and have configured the DNS servers in my VNet and on creation of my VMs with the New-AzureVM cmdlet.
The problem I have now is that I've set "DNS suffix search list" and "Connection-specific DNS suffix" manually to the string that I want (which matches the FQDN I am going to set as my domain, e.g. abccloud.net, but this setting is overwritten every time I shutdown (deallocated) the Azure VMs. Instead I get reddog.microsoft.com as the DNS suffix when the VM starts. Obviously it's being overwritten by Azure DHCP.
I need to shutdown most of my VMs overnight to conserve subscription costs but I also need these settings to be retained so that name resolution of internal & external resources work properly.
I haven't found an Azure PS cmdlet that controls this setting. Have I missed something or do I need to kludge it with a startup script or a GPO?
I've searched the forums and but haven't found any reference to other users getting reddog.microsoft.com. Appreciate any assistance.
↧
High latency using Point-to-site VPN in Japan West region
Hi,
I created a Point-to-site VPN in Japan West region, but I am experiencing very high latency (>500ms) for the internal connection.
RDP to the VM (same region) using the public IP is quite fast, but using RDP with the internal IP is very slow.
Also HTTPS connection from the VM back to the on-premise Web server is very slow due to the high latency, I think.
I this expected? What is the expected latency between a VM and VNet in Japan West region and on-premise network in downtown Tokyo? The on-premise internet connection speed is 100MBit up and down.
Thank you in advance.
Regards,
Enrico
↧
Traffic manager is not working as intended with performance mode
Hello,
We established traffic manager on 2 instances one is avaialble in WEU and other in SEA but users from shanghai are still routed to WEU instance instead of SEA instance and facing latency issues. we done some background work as below:
I requested the users in Shanghai to use http://azurespeedtest.azurewebsites.net/ to know the the closest DC. They see "It looks like your nearest Data Center is West Europe. There appears to be a CDN Node nearer your location". When we use the above site from India, it shows "It looks like your nearest Data Center is Southeast Asia". My question is:
- Based on the above lookups, TM seems to be routing correctly even though India is closer to West Europe than Shanghai?
- What is the additional information "There appears to be a CDN Node nearer your location" after data center that is displayed when looked up from Shanghai that is not shown from India? Could this "CDN Node" be making the Shanghai users to detect West Europe?
please provide your valueble suggestion ASAP as its spoiling total moto of adapting Traffic manager
Regards
\praveen
↧
↧
Support for alternative Internet Gateway - through a VM instance
I would like to use my own device as my Internet Gateway. This allows me to bring a series of in-line services in to use that I can't otherwise. Basically, I need to be able to forward VLAN traffic through my edge virtual machine.
To demonstrate, I created a private VLAN with the cloud service public IP as the public IP of my edge machine (meaning its endpoints have traffic rules allowing traffic). It then also has a private IP in the VLAN.
My cloud hosts were configured to have no endpoint ports allowed, allowing them to converse on the VLAN, but not be reached from the Internet side.
I changed my cloud hosts routing tables to have the Azure VLAN gateway (let's say my VLAN is 172.16.10.0/24) provide access to the VLAN, but also created a route to 0.0.0.0/0 with my edge virtual machine's LAN ip as the gateway.
My cloud hosts - can still reach the Internet - but the traffic is NOT going though my edge VM. The traffic is not doing what the routing table tells it to - which tells me something in Azure is re-directing the traffic.
↧
Multi-Site-VPN with Sonicwall TZ215
Hi
I am trying to set up a multi-site vpn to Windows Azure.
LocalNetwork 1: 172.20.0.0/16
LocalNetwork 2: 192.168.56.0/24
VirtualNetwork: 192.168.22.0/24
I configured the Azure Virtual Network for Multi-Site-Connection as illustraed in this Manual:
http://msdn.microsoft.com/en-US/library/azure/dn690124.aspx
Network Config seems to be fine and VPN Link from LocalNetwork 1 (Win 2012 R2 RRAS) to VirtualNetwork on Windows Azure is up and running. But i am unable to get the second Link from LocalNetwork 2 (Sonicwall TZ215) to the Virtual Network up and running.
I set up the VPN-Connection on the TZ215 as illustrated in this Tech Note from Sonicwall:
https://support.software.dell.com/download/downloads?id=5347244
This Config used to worked fine in the past for other Connections on Sonicwall NSA Device, but not this time.
If i use the following config for the VPN Connection - Local Network: 192.168.56.0/24 - Destination Network: 192.168.22.0/24 - i am getting the Error: "IKEv2 Responder: Peer's destination network does not match VPN policy'sLocal Network - Proposed network: 0.0.0.0-255.255.255.255"
So i changed to config to - Local Network: 0.0.0.0/0 - Destination Network: 192.168.22.0/24 - and now i am getting the error: "IKEv2 Responder: Peer's local network does not match VPN policy'sDestination Network - Proposed network: 0.0.0.0-255.255.255.255"
Actually i am not able to set also the Destination Network to 0.0.0.0/0. Because a) i've got other VPN Connections configured on this device and b) i don't belive this would be a clever idea.
How comes that the azure gatway is proposing 0.0.0.0/0 for local and destination Network?
How to solve this issue?
↧
Azure OnPremise to Vnet to Vnet to OnPremise Routing
Hi
We have got the following Networks:
OnPremise Network EU - 192.168.1.0 / 24
VNet1 EUWest - 192.168.2.0 / 24
VNet2 USA Mid/South - 192.168.3.0 / 24
OnPremise Network South America - 192.168.4.0 / 24
I've configured the following Layout:
OnPremise Network EU <-S2S-> VNet 1 (EU West) <-VNet2VNet-> VNet 2 (USA) <-S2S-> OnPremise Network South America
All Connections are up, but how and where do i have to configure the needed network routes?
VPN Device in EU is a Win 2012 R2 RRAS Server.
I added the following static routes in RRAS:
192.168.2.0 - 255.255.255.0 - No Gateway - VPN Interface to EU West
192.168.3.0 - 255.255.255.0 - No Gateway - VPN Interface to EU West
192.168.4.0 - 255.255.255.0 - No Gateway - VPN Interface to EU West
So the traffic from OnPremise EU is routet to VNet1. But how to continue to VNet 2 and further?
I am unable to get a Connection from OnPremise (EU) to VMnet2 (USA)
I know that i could also build a S2S Connection from OnPremise EU to VMNet2 (USA) and vîce versa.
This layout is actually just for test purposes. I was wondering if it is possible to get this also to work by Vnet-to-Vnet Connectivity and if we could get a better over all network performance with this layout from EU to South America.
↧
Azure - Load balancing/HA - two PIPs
I am trying to set up high availability for two servers in Azure. The problem is - both servers have to use instance-level public IP addresses as described here - http://msdn.microsoft.com/en-us/library/azure/dn690118.aspx. They are used to bypass the
limitation on the number of endpoints per vm (we are using around 50000 of those as opposed to the allowed 150 without PIP).
The problem is that neither traffic manager (routes to endpoint) nor vm load-balancing (limits endpoints) seem to be able to achieve that.
Does anyone have experience with this scenario and/or can advise a method that does not rely on DNS failover?
Thanks!
The problem is that neither traffic manager (routes to endpoint) nor vm load-balancing (limits endpoints) seem to be able to achieve that.
Does anyone have experience with this scenario and/or can advise a method that does not rely on DNS failover?
Thanks!
↧
↧
ON Premises connectivity issue from Azure (using site-to-site connectivity)
I had recently bought Azure subscription and I have created a site-to-site VPN connectivity between the azure network & the Enterprise network. The connectivity shows as successful in the virtual network dashboard & the enterprise VPN gateway logs. We have configured the Virtual address space & the onPremises local network as mentioned in the bottom
Issue
* The connectivity between azure & enterprise network shows successful in the dashboard but when we try reaching theenterprise ip 116.197.178.5 we are unable to reach the IP, tried via nmap, ssh etc.
* From the VM we are able to reach the internet but have issues with the enterprise connectivity.
* The same configuration was working in march 2014 when we had tried using theFree Azure trail account. Looks like there has been a change in Azure services sometime during march 2014
* I don't see anyways to debug this issue
* I had followed the doc in msdn site (Configure a Site-to-Site VPN in the Management Portal)
Help
* Can someone tell me whether I'm doing anything wrong
* Is there a way I can debug this issue
Device Route info
Kernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface
default 10.2.1.1 0.0.0.0 UG 0 0 0 eth0
default 10.2.1.1 0.0.0.0 UG 100 0 0 eth0
10.2.1.0 * 255.255.255.0 U 0 0 0 eth0
Local network
<LocalNetworkSite name="EnterpriseNetwork">
<AddressSpace>
<AddressPrefix>10.1.0.0/16</AddressPrefix>
</AddressSpace>
<VPNGatewayAddress>xxx.197.179.249</VPNGatewayAddress>
</LocalNetworkSite>
Virtual network
<VirtualNetworkSite name="Azure-network" Location="Southeast Asia"><AddressSpace>
<AddressPrefix>10.2.0.0/16</AddressPrefix>
</AddressSpace>
<Subnets>
<Subnet name="FrontEndSubnet">
<AddressPrefix>10.2.0.0/24</AddressPrefix>
</Subnet>
<Subnet name="BackEndSubnet">
<AddressPrefix>10.2.1.0/24</AddressPrefix>
</Subnet>
<Subnet name="ADDNSSubnet">
<AddressPrefix>10.2.2.0/23</AddressPrefix>
</Subnet>
<Subnet name="GatewaySubnet">
<AddressPrefix>10.2.4.0/29</AddressPrefix>
</Subnet>
</Subnets>
<DnsServersRef>
<DnsServerRef name="GoogleDNS" />
</DnsServersRef>
<Gateway>
<ConnectionsToLocalNetwork>
<LocalNetworkSiteRef name="EnterpriseNetwork">
<Connection type="IPsec" />
</LocalNetworkSiteRef>
</ConnectionsToLocalNetwork>
</Gateway>
</VirtualNetworkSite>
↧
Is external IP address permanent?
Is the external IP address assigned to my virtual machine permanent? Can I count on it not changing?
↧
Access IIS site in Windows Azure
I installed Microsoft CRM on windows Azure virtual PC,
How I can access the link from out side the virtual machine .
Regards.
↧
How to create Site to Site VPN peoperly
Hey ,
I'm having requirement to create a site to site VPN between Azure and local .
in local it's running a Checkpoint FW ( R75.47 ).
I'm having a confusion with assigning and creating network with this.
I'll provide sample IP Subnets in my requirement.
Azure Virtual Server Network private IP subnet - 10.2.30.0/24
Azure Virtual Server Public IP address - 123.21.52.32
Checkpoint Network private IP subnet - 192.168.2.0/24
Checkpoint Network Public IP subnet - 223.52.12.31
please advise me that how can i define these VIRTUAL NETWORK ADDRESS SPACES andSITE TO SITE CONNECTIVITY
regards,
dinidunet
↧
↧
My Point to Point VPN hangs on connecting since 6:30UTC last night
Our point to point VPN has hung. It's not our gateway end this has been tested but the Azure end. How do I reset it, tried PowerShell but still get an error?
VERBOSE: 09:44:24 - Begin Operation: Set-AzureVNetGateway
Set-AzureVNetGateway : InternalError : An internal error has occurred.
At line:1 char:1
+ Set-AzureVNetGateway -connect -VNetName "*******" -LocalNetworkSiteName "*******"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Set-AzureVNetGateway], CloudException
+ FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.SetAzureVNetGatewayCommand
↧
Azure VPN to Windows Server 2012 in Azure
Hi,
Can I set up Azure VPN to a windows 2012 R2 host hosted in Azure? Let's say I use Microsoft Azure as my datacenter, and I want to be able to use Hybrid Azure Remote App. Then I need to configure VPN to on-prem, but since Azure is my "on-prem" environment, I need to use VPN against Microsoft Azure.
Christian
↧
Traffic Manager
Hi,
I have an issue with Traffic Manager. I hosted two cloud services(IaaS) each with One Linux Instance. I configured Traffic Manager over these two cloud services(IaaS) over https and port 443. After all adding the end points to Traffic Manager, the status is Digraded. Even though the cloud services are running fine, under the traffic manager profiles they are in Degreded status. Even when am accessing the Traffic Manager DNS from browser, I can able to see the default page on the server. My doubt is, even though the cloud services working fine, and able to access the default page, why the status of cloud services and Traffic Manager is Degraded.
Please any one help me on this issue.
Thanks in Adavance
Bhaskar Desharaju.
↧
Site to SIte VPN to Juniper SRX220H intermittent packet loss
I have a remote office 10.101.0.0/24 connected to Azure network 10.0.0.0/16 via IPSec vpn. The connection appears to be solid 90% of the time, but it will sporadically start dropping packets. The configuration has been gone through a dozen times, the tunnel/SA always appears to be up on the juniper end. The configuration was based on the one available in the portal, as well as comparing it to another similar, working VPN.
There is another VPN connection to different hosting with a Juniper SSG which is up and solid. That SSG connects to all of my sites, in addition to Azure, with no issues.
I'm at a loss on where else to go with the configuration on the Juniper side, since the connection appears to have negotiated properly and is working most of the time.
↧
↧
Site to Site vpn
We want to link our on premise network to the azure virtual machine
the most ideal way is connecting to the RRAS server of our virtual machine
we also created a azure virtual network
but we can't connect to this network
we have the following options
IKE (not IKEv2)
pptp
l2tp/ipsec
our clients currently connect over sstp to the RRAS server
but there is no vpn router that support SSTP
↧
Virtual Network Design question
Our existing Azure environment has a 10.140.0.0/16 virtual network address space (via VPN connection). a Request came in to use 3 class C networks but they gave me drawings that really use the following networks
172.18.0.0 255.255.128.0 0.0.127.255 32766 172.18.0.1 to 172.18.127.254 172.18.127.255
172.18.127.0/29: 172.18.127.0 255.255.255.248 0.0.0.7 6 172.18.127.1 to 172.18.127.6 172.18.127.7
172.18.1.0 255.255.255.0 0.0.0.255 254 172.18.1.1 to 172.18.1.254 172.18.1.255
172.18.2.0 255.255.255.0 0.0.0.255 254 172.18.2.1 to 172.18.2.254 172.18.2.255
172.18.3.0 255.255.255.0 0.0.0.255 254 172.18.3.1 to 172.18.3.254 172.18.3.255
172.18.4.0 255.255.255.0 0.0.0.255 254 172.18.4.1 to 172.18.4.254 172.18.4.255
172.17.0.0 255.255.128.0 0.0.127.255 32766 172.17.0.1 to 172.17.127.254 172.17.127.255
172.17.127.0/29: 172.17.127.0 255.255.255.248 0.0.0.7 6 172.17.127.1 to 172.17.127.6 172.17.127.7
172.17.1.0 255.255.255.0 0.0.0.255 254 172.17.1.1 to 172.17.1.254 172.17.1.255
172.17.2.0 255.255.255.0 0.0.0.255 254 172.17.2.1 to 172.17.2.254 172.17.2.25
172.17.3.0 255.255.255.0 0.0.0.255 254 172.17.3.1 to 172.17.3.254 172.17.3.255
172.17.4.0 255.255.255.0 0.0.0.255 254 172.17.4.1 to 172.17.4.254 172.17.4.255
172.16.0.0 255.255.128.0 0.0.127.255 32766 172.16.0.1 to 172.16.127.254 172.16.127.255
172.16.127.0/29: 172.16.127.0 255.255.255.248 0.0.0.7 6 172.16.127.1 to 172.16.127.6 172.16.127.7
172.16.1.0 255.255.255.0 0.0.0.255 254 172.16.1.1 to 172.16.1.254 172.16.1.255
172.16.2.0 255.255.255.0 0.0.0.255 254 172.16.2.1 to 172.16.2.254 172.16.2.255
172.16.3.0 255.255.255.0 0.0.0.255 254 172.16.3.1 to 172.16.3.254 172.16.3.255
172.16.4.0 255.255.255.0 0.0.0.255 254 172.16.4.1 to 172.16.4.254 172.16.4.255
Do I need to create 3 new virtual networks or should I use the existing and add something like... ???
10.140.127.0/29: 10.140.127.0 255.255.255.248 0.0.0.7 6 10.140.127.1 to 10.140.127.6 10.140.127.7
10.140.200.0 255.255.255.0 0.0.0.255 254 10.140.200.1 to 10.140.200.254 10.140.200.255
10.140.201.0 255.255.255.0 0.0.0.255 254 10.140.201.1 to 10.140.201.254 10.140.201.255
10.140.202.0 255.255.255.0 0.0.0.255 254 10.140.202.1 to 10.140.202.254 10.140.202.255
10.140.203.0 255.255.255.0 0.0.0.255 254 10.140.203.1 to 10.140.203.254 10.140.203.255
10.140.128.0/29: 10.140.128.0 255.255.255.248 0.0.0.7 6 10.140.128.1 to 10.140.128.6 10.140.128.7
10.140.204.0 255.255.255.0 0.0.0.255 254 10.140.204.1 to 10.140.204.254 10.140.204.255
10.140.205.0 255.255.255.0 0.0.0.255 254 10.140.205.1 to 10.140.205.254 10.140.205.255
10.140.206.0 255.255.255.0 0.0.0.255 254 10.140.206.1 to 10.140.206.254 10.140.206.255
10.140.207.0 255.255.255.0 0.0.0.255 254 10.140.207.1 to 10.140.207.254 10.140.207.255
10.140.129.0/29: 10.140.129.0 255.255.255.248 0.0.0.7 6 10.140.129.1 to 10.140.129.6 10.140.129.7
10.140.208.0 255.255.255.0 0.0.0.255 254 10.140.208.1 to 10.140.208.254 10.140.208.255
10.140.209.0 255.255.255.0 0.0.0.255 254 10.140.209.1 to 10.140.209.254 10.140.209.255
10.140.210.0 255.255.255.0 0.0.0.255 254 10.140.210.1 to 10.140.210.254 10.140.210.255
10.140.211.0 255.255.255.0 0.0.0.255 254 10.140.211.1 to 10.140.211.254 10.140.211.255
Thanks in advance!!
Thank You, Joe
↧
Configure site to site with fortigate 100D
Hi,
How do you configure site to site VPN to fortigate firewall
What are the step to be taken?
Thanks
↧