
I have a Dynamic route S2S VPN set up between my on-premises environment and virtual network in Azure using Resource Manager.

My local machine (Office1) can RDP to a VM created in Azure (Azure1) no problem. However once connected I cannot ping/RDP from Azure1 to another on-premises machine (Office2) without first establishing a connection from Office2 to Azure1 directly. It seems the connectivity can only be initiated in one direction.

To prove this if I ping Office2 from Azure1, with the -t switch, pings time out until I ping Azure1 from Office2, at which point the pings succeed.

I have no special routing tables, network security groups and the windows firewall has been disabled on Azure1 (this VM doesn't have any public IPs associated with it).

I have previously set up a Static S2S VPN from another Vnet in Azure to my on-premises environment, which worked with no problems; however, I would like to utilise the P2S and multi S2S functionality of Dynamic.

My network engineer advised that before I initiate the Office2>Azure1 connection no packets can be seen on the firewall from Azure1 to Office2, which suggests that they are not leaving the Azure environment (Vnet gateway), but I have tried adding a Forced Tunnelling route table route and even then no packets were seen on the firewall.

Here is the initial ping request from Office2 to Azure1:
Reply from 192.168.152.4: bytes=32 time=345ms TTL=123
Reply from 192.168.152.4: bytes=32 time=13ms TTL=123
Reply from 192.168.152.4: bytes=32 time=14ms TTL=123
Reply from 192.168.152.4: bytes=32 time=11ms TTL=123

It looks as if the first ping has to wait for the tunnel to establish, but I thought that with dynamic routing the tunnel was persistent, and even if it wasn't, why isn't Azure1 able to request the tunnel to be opened?

I read through a similar question here, "Can't access on premises machines over Azure VPN", but it didn't give me quite the help I'd hoped. Any suggestions would be appreciated.

1 Answer


I have come across similar problems, where the problem was related to timeout settings within the VPN configuration of the device connecting to Azure (Juniper device). Are you using a supported device and using the configuration provided by Microsoft Azure (https://azure.microsoft.com/nl-nl/documentation/articles/vpn-gateway-about-vpn-devices/)? Might want to look into that.
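As an added diagnostic (not from the question or the answer above), this Az PowerShell snippet separates the two explanations on the table: whether Azure-initiated traffic reaches the gateway at all, and whether the tunnel is actually up when it does. Run it on Azure1 after Connect-AzAccount; the resource group, connection name and the Office2 address are placeholders you must replace.

```powershell
# Added diagnostic, not code from the original post. Assumes the Az PowerShell
# module is installed and Connect-AzAccount has been run. Names below are placeholders.
$ResourceGroup  = 'rg-placeholder'
$ConnectionName = 'onprem-s2s-connection'   # the S2S connection object on the Azure gateway
$Office2Ip      = '10.0.0.20'               # constructed on-premises address; replace with Office2

function Get-GatewayCounters {
    # ConnectionStatus plus the gateway's own byte counters; egress = bytes sent towards on-prem
    $c = Get-AzVirtualNetworkGatewayConnection -Name $ConnectionName -ResourceGroupName $ResourceGroup
    [pscustomobject]@{
        Status  = $c.ConnectionStatus          # Connected / Connecting / NotConnected / Unknown
        Egress  = $c.EgressBytesTransferred
        Ingress = $c.IngressBytesTransferred
    }
}

$before = Get-GatewayCounters
"Before: status=$($before.Status) egress=$($before.Egress) ingress=$($before.Ingress)"

# Generate Azure-initiated traffic from this VM towards Office2 (ICMP, like the -t ping in the question)
1..5 | ForEach-Object {
    Test-NetConnection -ComputerName $Office2Ip -InformationLevel Quiet | Out-Null
    Start-Sleep -Seconds 2
}

# Counters are not real-time; allow the gateway a moment before re-reading them
Start-Sleep -Seconds 30
$after = Get-GatewayCounters
"After:  status=$($after.Status) egress=$($after.Egress) ingress=$($after.Ingress)"

if ($after.Status -ne 'Connected') {
    "Tunnel is '$($after.Status)': the gateway is not bringing the tunnel up on Azure-initiated traffic. " +
    "Check the on-premises device's IKE lifetime / idle timeout / DPD settings against the Azure-provided config."
}
elseif ($after.Egress -eq $before.Egress) {
    "Tunnel connected but egress did not move: Azure1's traffic is not reaching the gateway. " +
    "Inspect the NIC's effective routes (Get-AzEffectiveRouteTable) for a route to the on-premises prefix."
}
else {
    "Egress grew by $($after.Egress - $before.Egress) bytes: packets left the Azure gateway; " +
    "look at the on-premises firewall policy and the return path for the Azure prefix."
}
```

The egress counter only reflects what the gateway itself sent, so a zero delta with a Connected status points at routing inside the Vnet rather than at the tunnel.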