Hi all,
I've set up a new P2S and S2S VPN, and I just can't get either to work. I suspect the S2S is more an issue with equipment on our end; however, I've followed the setup guide here (using PowerShell in ARM) to the letter: https://azure.microsoft.com/en-gb/documentation/articles/vpn-gateway-howto-point-to-site-rm-ps/
I have 2 VMs in a VNet with address space 10.0.0.0/16 that I need to access through the VPNs. I can connect to the P2S VPN from my laptop fine, but I can't access the VMs on the other subnet when connected, despite having configured a connection between the virtual networks. I've also just tried the new "peering" feature in the UI, which hasn't helped either.
Any assistance would be greatly appreciated!
The PowerShell script I ran to create the P2S VPN is as below:
$VNetName = "P2SVNet"
$FESubName = "FrontEnd"
$BESubName = "Backend"
$GWSubName = "GatewaySubnet"
$VNetPrefix1 = "10.10.0.0/16"
$VNetPrefix2 = "10.11.0.0/16"
$FESubPrefix = "10.10.1.0/24"
$BESubPrefix = "10.11.1.0/24"
$GWSubPrefix = "10.10.200.0/26"
$VPNClientAddressPool = "10.12.0.0/24"
$RG = "RG"
$Location = "removed"
$DNS = "8.8.8.8"
$GWName = "GW"
$GWIPName = "GWIP"
$GWIPconfName = "gwipconf"
$P2SRootCertName = "RootCert.cer"
$fesub = New-AzureRmVirtualNetworkSubnetConfig -Name $FESubName -AddressPrefix $FESubPrefix
$besub = New-AzureRmVirtualNetworkSubnetConfig -Name $BESubName -AddressPrefix $BESubPrefix
$gwsub = New-AzureRmVirtualNetworkSubnetConfig -Name $GWSubName -AddressPrefix $GWSubPrefix
New-AzureRmVirtualNetwork -Name $VNetName -ResourceGroupName $RG -Location $Location -AddressPrefix $VNetPrefix1,$VNetPrefix2 -Subnet $fesub, $besub, $gwsub -DnsServer $DNS
$vnet = Get-AzureRmVirtualNetwork -Name $VNetName -ResourceGroupName $RG
$subnet = Get-AzureRmVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet
$pip = New-AzureRmPublicIpAddress -Name $GWIPName -ResourceGroupName $RG -Location $Location -AllocationMethod Dynamic
$ipconf = New-AzureRmVirtualNetworkGatewayIpConfig -Name $GWIPconfName -Subnet $subnet -PublicIpAddress $pip
I created the self-signed certificates and then configured the Certificates in Azure:
$MyP2SRootCertPubKeyBase64 = "removed"
$p2srootcert = New-AzureRmVpnClientRootCertificate -Name $P2SRootCertName -PublicCertData $MyP2SRootCertPubKeyBase64
New-AzureRmVirtualNetworkGateway -Name $GWName -ResourceGroupName $RG -Location $Location -IpConfigurations $ipconf -GatewayType Vpn -VpnType RouteBased -EnableBgp $false -GatewaySku Standard -VpnClientAddressPool $VPNClientAddressPool -VpnClientRootCertificates $p2srootcert
Get-AzureRmVpnClientPackage -ResourceGroupName $RG -VirtualNetworkGatewayName $GWName -ProcessorArchitecture Amd64
I connected the P2S VNet with the VM VNet:
$GWName1 = "VMGW"
$GWName2 = "P2SGW"
$Connection12 = "VNet1toVNet2"
$Connection21 = "VNet2toVNet1"
$vnet1gw = Get-AzureRmVirtualNetworkGateway -Name $GWName1 -ResourceGroupName $RG
$vnet2gw = Get-AzureRmVirtualNetworkGateway -Name $GWName2 -ResourceGroupName $RG
New-AzureRmVirtualNetworkGatewayConnection -Name $Connection12 -ResourceGroupName $RG -VirtualNetworkGateway1 $vnet1gw -VirtualNetworkGateway2 $vnet2gw -Location $Location -ConnectionType Vnet2Vnet -SharedKey 'removed'
New-AzureRmVirtualNetworkGatewayConnection -Name $Connection21 -ResourceGroupName $RG -VirtualNetworkGateway1 $vnet2gw -VirtualNetworkGateway2 $vnet1gw -Location $Location -ConnectionType Vnet2Vnet -SharedKey 'removed'