I have a Site-To-Site VPN connection established between my ASA 5505 and the Azure VNet. In order to create the connection, I used the script provided by MS after the Gateway was created. The Azure console shows that data has been sent and received, albeit not very much. I cannot ping or RDP to resources in either Azure or On-Prem across the VPN. I disabled the Windows Firewall on the Azure VM, so nothing should be blocked.
My internal network is 192.168.0.0/24
My Azure VNet is 10.11.12.0/24 (10.11.12.4-254)
Subnet-1 is 10.11.12.9/29 (10.11.12.12-14)
Gateway Subnet is 10.11.12.0/29 (10.11.12.4-6)
DNS servers are 192.168.0.3 and 192.168.0.4
Running Tracert on the Azure VM shows it hitting the gateway, but that's as far as it gets. I have run Packet Trace tests from the ASA, and they show that packets are allowed through the VPN.
My gut tells me that there is a routing issue somewhere, and I have spent hours on Google and Bing to see if any additional configuration on the ASA needs to be done, but have not found a post that states this.
I had a coworker who has deployed Azure Gateways before sanity check my work, and he agreed that it should be working.
We did run a capture log from PowerShell against the VPN, and these errors are in the log:
[user] |Public IP|IkeAcquireCredentialsHandleHelper failed with Windows error -2146893042(SEC_E_NO_CREDENTIALS)
[user] |Public IP|IkeAcquireCredentialsHandleHelper failed with HRESULT 0x8009030e(SEC_E_NO_CREDENTIALS)
[user] |Public IP|IkeAcquireCredentialsHandle failed with HRESULT 0x8009030e(SEC_E_NO_CREDENTIALS)
[user] |Public IP|IkeInitializeSspi failed with HRESULT 0x8009030e(SEC_E_NO_CREDENTIALS)
[user] |Public IP|IkeCreateSspiIke failed with HRESULT 0x8009030e(SEC_E_NO_CREDENTIALS)
Searching around, it looks like these may be related to IKEv2, but that isn't used in this type of connection.
Any suggestions will be greatly appreciated.