I have an AWS VPN gateway connected to an Azure VNet in EastUS and it's working OK. I want to create another VM in CentralUS, so I created another VNet in CentralUS and created VNet peering between it and the EastUS one. The VNet peering is also working, but I can't access it from my VPC in AWS. I added another static route to the private CIDR of CentralUS, but I can't reach it. Any ideas please? Not sure what else to do to make it work...

yershalom
  • Any chance you could add a diagram of what is not working? Between AWS and Azure, do you have a VPN S2S? Is there any firewall between those VNets? Does peering allow traffic forwarding? – Greg Jun 06 '22 at 15:53
  • Hi @Greg, I have an RDS on AWS us-east-1 and I wanted to connect my Azure env to this RDS with a VPN gateway. I followed this manual: https://techcommunity.microsoft.com/t5/fasttrack-for-azure/how-to-create-a-vpn-between-azure-and-aws-using-only-managed/ba-p/2281900 and I have a connection from Azure EastUS to AWS us-east-1, and I have access from EastUS to my RDS in AWS us-east-1. Now I need to deploy another VM in CentralUS, so I did VNet peering between EastUS and CentralUS, and it's working between them, but I can't reach the RDS from CentralUS... – yershalom Jun 06 '22 at 18:36
  • Hi @KartikBhiwapurkar-MT, thanks for answering. I have managed to solve it eventually. I had a misconfiguration in my local network gateway: I had the wrong CIDR there. Thanks! – yershalom Jul 05 '22 at 06:05

1 Answer

• I would suggest you check the NSG of the VM deployed in Central US for allowed ports and services, as you might be accessing the VM in Central US from East US over the VPN using RDP or SSH, which use TCP port 3389 and TCP port 22 respectively. Thus, kindly check whether these ports are allowed in the AWS VPC as well as in the Azure VM's NSG.

• Also, please check whether any corporate Azure policy is in place for the Central US region regarding deploying Azure resources such as VMs in that region and connecting to them. If configured, you will be able to see a corporate network Azure policy like 'Zero Trust Network Security' that is blocking access to that VM from East US in the Network Manager section.

• Check the public IP address that you have configured in the AWS VPN connection as well as in the Azure virtual network gateway, along with the configuration file that you downloaded from the AWS console.

• It can also be the case that the IKEv1 pre-shared key has expired or was not entered correctly, so kindly check that as well. I would also suggest you check other parameters, like the encryption schemes configured in the VPN gateway on the AWS side as well as on the Azure side. There might be some glitch in configuring that on the Azure side.

• Please also check the connection from the VM created in Central US by executing the command below from that VM to check whether a port is blocked. Replace the target host and the port number in the command:

 # Replace <rds-endpoint> with the RDS endpoint (or IP) you are trying to reach, and 80 with the port to test
 Test-NetConnection -ComputerName <rds-endpoint> -Port 80 -InformationLevel "Detailed"
Kartik Bhiwapurkar
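The asker's resolution above was a wrong CIDR in the Azure local network gateway, and Greg's comment plus the answer list the other places a hub-and-spoke AWS-to-Azure VPN can be misconfigured (AWS static routes and route table, peering flags). The following script is an added example, not code from the thread or from either cloud vendor: it is an offline audit of those settings over a constructed, hypothetical topology (all CIDRs, the `vgw-0example` id and the peering names are made up). It checks that the AWS side routes both Azure VNets to the virtual private gateway, that the Azure local network gateway's address space actually covers the AWS VPC (the asker's bug), that the spoke peering can use the hub's VPN gateway, and that no address spaces overlap. The peering property names (`allowGatewayTransit`, `useRemoteGateways`, `allowForwardedTraffic`) are the real Azure peering settings; the data structures that hold them here are the example's own.

```python
"""Offline audit of the routing and peering settings a spoke VNet needs
in order to reach an AWS VPC through a hub VNet's VPN gateway.
All addresses and ids are constructed sample values, not the asker's."""
import dataclasses
import ipaddress
from dataclasses import dataclass


def net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(cidr, strict=False)


@dataclass
class Peering:
    name: str
    allow_gateway_transit: bool    # hub side: let peers use my VPN gateway
    use_remote_gateways: bool      # spoke side: use the hub's VPN gateway
    allow_forwarded_traffic: bool  # accept traffic that did not originate in the peer VNet


@dataclass
class Topology:
    aws_vpc_cidr: str
    aws_vpn_static_routes: list    # CIDRs configured as static routes on the AWS VPN connection
    aws_route_table: dict          # destination CIDR -> target (a vgw-... id sends it into the tunnel)
    azure_lng_address_space: list  # Azure local network gateway prefixes = Azure's view of the AWS side
    hub_cidr: str
    spoke_cidr: str
    hub_to_spoke: Peering
    spoke_to_hub: Peering


def covered(cidr: str, prefixes: list) -> bool:
    """True if `cidr` lies entirely inside one of `prefixes`."""
    target = net(cidr)
    return any(target.subnet_of(net(p)) for p in prefixes)


def audit(t: Topology) -> list:
    """Return a list of human-readable problems; an empty list means the path should work."""
    problems = []
    # 1. AWS side: both Azure VNets must be static routes on the VPN connection
    #    and the VPC route table must send them to the virtual private gateway.
    for label, cidr in (("hub", t.hub_cidr), ("spoke", t.spoke_cidr)):
        if not covered(cidr, t.aws_vpn_static_routes):
            problems.append(f"AWS VPN connection has no static route for {label} {cidr}")
        target = next((tgt for dst, tgt in t.aws_route_table.items()
                       if net(cidr).subnet_of(net(dst))), None)
        if target is None or not target.startswith("vgw-"):
            problems.append(f"AWS route table does not send {label} {cidr} to the virtual private gateway")
    # 2. Azure side: the local network gateway address space describes the remote (AWS) network;
    #    if it does not cover the VPC, return traffic never enters the tunnel (the asker's bug).
    if not covered(t.aws_vpc_cidr, t.azure_lng_address_space):
        problems.append(f"Azure local network gateway address space {t.azure_lng_address_space} "
                        f"does not cover AWS VPC {t.aws_vpc_cidr}")
    # 3. Peering: gateway transit on the hub, remote gateway use on the spoke,
    #    and forwarded traffic allowed, since tunnel traffic does not originate in the hub VNet.
    if not t.hub_to_spoke.allow_gateway_transit:
        problems.append(f"peering {t.hub_to_spoke.name}: allowGatewayTransit is off")
    if not t.spoke_to_hub.use_remote_gateways:
        problems.append(f"peering {t.spoke_to_hub.name}: useRemoteGateways is off")
    for p in (t.hub_to_spoke, t.spoke_to_hub):
        if not p.allow_forwarded_traffic:
            problems.append(f"peering {p.name}: allowForwardedTraffic is off")
    # 4. Overlapping address spaces break peering and routing silently.
    spaces = [("aws", t.aws_vpc_cidr), ("hub", t.hub_cidr), ("spoke", t.spoke_cidr)]
    for i, (a_name, a) in enumerate(spaces):
        for b_name, b in spaces[i + 1:]:
            if net(a).overlaps(net(b)):
                problems.append(f"address spaces overlap: {a_name} {a} and {b_name} {b}")
    return problems


def variant(t: Topology, **changes) -> Topology:
    """Copy a topology with some fields changed (handy for what-if checks)."""
    return dataclasses.replace(t, **changes)


# Constructed sample mirroring the thread: everything is right except the
# local network gateway, whose prefix is too narrow to cover the AWS VPC.
BROKEN = Topology(
    aws_vpc_cidr="10.0.0.0/16",
    aws_vpn_static_routes=["10.1.0.0/16", "10.2.0.0/16"],
    aws_route_table={"10.1.0.0/16": "vgw-0example", "10.2.0.0/16": "vgw-0example"},
    azure_lng_address_space=["10.0.0.0/24"],
    hub_cidr="10.1.0.0/16",
    spoke_cidr="10.2.0.0/16",
    hub_to_spoke=Peering("hub-to-spoke", allow_gateway_transit=True,
                         use_remote_gateways=False, allow_forwarded_traffic=True),
    spoke_to_hub=Peering("spoke-to-hub", allow_gateway_transit=False,
                         use_remote_gateways=True, allow_forwarded_traffic=True),
)
FIXED = variant(BROKEN, azure_lng_address_space=["10.0.0.0/16"])

if __name__ == "__main__":
    for name, topo in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, "->", audit(topo) or "no problems found")
```

Running it prints a single finding for `BROKEN` (the local network gateway prefix) and nothing for `FIXED`; dropping the spoke CIDR from `aws_vpn_static_routes` with `variant(...)` reproduces the symptom the asker first suspected, a missing AWS static route.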