{"id":27658,"date":"2020-12-22T05:25:56","date_gmt":"2020-12-22T05:25:56","guid":{"rendered":"https:\/\/www.testpreptraining.com\/tutorial\/?page_id=27658"},"modified":"2023-04-14T09:49:39","modified_gmt":"2023-04-14T09:49:39","slug":"troubleshooting-an-azure-site-to-site-vpn-connection","status":"publish","type":"page","link":"https:\/\/www.testpreptraining.ai\/tutorial\/troubleshooting-an-azure-site-to-site-vpn-connection\/","title":{"rendered":"Troubleshooting an Azure site-to-site VPN connection"},"content":{"rendered":"\n<p><a href=\"https:\/\/www.testpreptraining.ai\/tutorial\/exam-az-104-microsoft-azure-administrator-associate\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Go back to Tutorial<\/strong><\/a><\/p>\n\n\n\n<p>After you configure a site-to-site VPN connection between an on-premises network and an Azure virtual network, the VPN connection suddenly stops working and cannot be reconnected. In this, we will learn the troubleshooting steps to help you resolve this problem.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Troubleshooting steps<\/strong><\/h4>\n\n\n\n<p>An Azure site-to-site VPN connection allows on-premises resources to securely communicate with Azure resources over an encrypted VPN tunnel. However, if the VPN connection is not functioning properly, it can impact the availability and performance of critical applications and services. Here are some troubleshooting steps to resolve issues with an Azure site-to-site VPN connection:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Step 1. Check whether the on-premises VPN device is validated<\/strong><\/h4>\n\n\n\n<p>Firstly, check whether you are using a validated VPN device and operating system version. And, if the device is not a validated VPN device, you might have to contact the device manufacturer to see if there is a compatibility issue.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Step 2. Verify the shared key<\/strong><\/h4>\n\n\n\n<p>Firstly, compare the shared key for the on-premises VPN device to the Azure Virtual Network VPN to make sure that the keys match. However, to view the shared key for the Azure VPN connection, use one of the following methods:<\/p>\n\n\n\n<p><strong>Azure portal<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Firstly, go to the VPN gateway site-to-site connection that you created.<\/li>\n\n\n\n<li>Then, in the Settings section, click Shared key.<\/li>\n<\/ul>\n\n\n\n<p><strong>Azure PowerShell<\/strong><\/p>\n\n\n\n<p><strong>For the Azure Resource Manager deployment model:<\/strong><\/p>\n\n\n\n<p><strong>Azure PowerShell<\/strong><br><em>Get-AzVirtualNetworkGatewayConnectionSharedKey -Name -ResourceGroupName<\/em><\/p>\n\n\n\n<p><strong>For the classic deployment model:<\/strong><\/p>\n\n\n\n<p><strong>Azure PowerShell<\/strong><br><em>Get-AzureVNetGatewayKey -VNetName -LocalNetworkSiteName<\/em><\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><a href=\"https:\/\/www.testpreptraining.ai\/microsoft-azure-administrator-associate-az-104-free-practice-test\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" width=\"750\" height=\"117\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/12\/z104-prac-tests-1-750x117.png\" alt=\"AZ-104  practice tests\" class=\"wp-image-27611\" srcset=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/12\/z104-prac-tests-1-750x117.png 750w, https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/12\/z104-prac-tests-1.png 961w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/a><\/figure>\n<\/div>\n\n\n<h4 class=\"wp-block-heading\"><br><strong>Step 3. Verify the VPN peer IPs<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The IP definition in the Local Network Gateway object in Azure should match the on-premises device IP.<\/li>\n\n\n\n<li>The Azure gateway IP definition that is set on the on-premises device should match the Azure gateway IP.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Step 4. Check UDR and NSGs on the gateway subnet<\/strong><\/h4>\n\n\n\n<p>First, Check for and remove user-defined routing (UDR) or Network Security Groups (NSGs) on the gateway subnet. And then, test the result. If the problem is resolved, validate the settings that UDR or NSG applied.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Step 5. Check the on-premises VPN device external interface address<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Firstly, if the Internet-facing IP address of the VPN device is included in the Local network definition in Azure, you might experience sporadic disconnections.<\/li>\n\n\n\n<li>Secondly, the device&#8217;s external interface must be directly on the Internet. There should be no network address translation or firewall between the Internet and the device.<\/li>\n\n\n\n<li>Thirdly, to configure firewall clustering to have a virtual IP, you must break the cluster and expose the VPN appliance directly to a public interface that the gateway can interface with.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Step 6. Verify that the subnets match exactly (Azure policy-based gateways)<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Firstly, verify that the virtual network address space(s) match exactly between the Azure virtual network and on-premises definitions.<\/li>\n\n\n\n<li>Then, verify that the subnets match exactly between the Local Network Gateway and on-premises definitions for the on-premises network.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Step 7. Verify the Azure gateway health probe<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Firstly, open health probe by browsing URL.<\/li>\n\n\n\n<li>Then, click through the certificate warning.<\/li>\n\n\n\n<li>Then, if you receive a response, the VPN gateway is considered healthy. And, if you don&#8217;t receive a response, the gateway might not be healthy or an NSG on the gateway subnet is causing the problem. The following text is a sample response:<\/li>\n<\/ul>\n\n\n\n<p><strong>XML<\/strong><br><em>&lt;?xml version=&#8221;1.0&#8243;?&gt; &lt;string xmlns=&#8221;http:\/\/schemas.microsoft.com\/2003\/10\/Serialization\/&#8221;&gt;Primary Instance: GatewayTenantWorker_IN_1 GatewayTenantVersion: 14.7.24.6&lt;\/string&gt;<\/em><br><\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Step 8. Check whether the on-premises VPN device has the perfect forward secrecy feature enabled<\/strong><\/h4>\n\n\n\n<p>The perfect forward secrecy feature can cause disconnection problems. If the VPN device has perfect forward secrecy enabled, disable the feature. Then update the VPN gateway IPsec policy.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><a href=\"https:\/\/www.testpreptraining.ai\/microsoft-azure-administrator-associate-az-104-online-course\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" width=\"750\" height=\"117\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/12\/az104-online-course-750x117.png\" alt=\"Troubleshooting an Azure site-to-site VPN connection AZ-104 online course\" class=\"wp-image-27612\" srcset=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/12\/az104-online-course-750x117.png 750w, https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/12\/az104-online-course.png 961w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/a><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\"><strong>AZ-104 Exam Practice Questions<\/strong><\/h2>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Question: You have configured an Azure site-to-site VPN connection between your on-premises network and an Azure virtual network. However, you are unable to access resources in the Azure virtual network from the on-premises network. What could be the issue?<\/strong><\/h4>\n\n\n\n<p>A) Incorrect VPN type configured on the Azure VPN gateway<\/p>\n\n\n\n<p>B) Incorrect routing tables on the on-premises network<\/p>\n\n\n\n<p>C) Firewall settings blocking traffic over the VPN connection<\/p>\n\n\n\n<p>D) Incorrect IP address configured on the Azure VPN gateway<\/p>\n\n\n\n<p>Answer: b) Incorrect routing tables on the on-premises network. The routing tables on both the on-premises and Azure networks need to be correctly configured to route traffic between the two networks through the VPN connection.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Question: You are monitoring network traffic between your on-premises network and an Azure virtual network over a site-to-site VPN connection. You notice that traffic is being dropped at the Azure VPN gateway. What could be the issue?<\/strong><\/h4>\n\n\n\n<p>A) Incorrect subnet configured on the Azure VPN gateway<\/p>\n\n\n\n<p>B) Incorrect shared key configured on the on-premises VPN device<\/p>\n\n\n\n<p>C) Firewall settings blocking traffic over the VPN connection<\/p>\n\n\n\n<p>D) Incorrect VPN type configured on the on-premises VPN device<\/p>\n\n\n\n<p>Answer: c) Firewall settings blocking traffic over the VPN connection. Firewall settings on both the on-premises and Azure networks need to be correctly configured to allow traffic over the VPN connection.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Question: You have configured an Azure site-to-site VPN connection between your on-premises network and an Azure virtual network. However, you are experiencing performance issues when accessing resources in the Azure virtual network from the on-premises network. What could be the issue?<\/strong><\/h4>\n\n\n\n<p>A) Incorrect VPN type configured on the Azure VPN gateway<\/p>\n\n\n\n<p>B) Incorrect routing tables on the Azure virtual network<\/p>\n\n\n\n<p>C) Incorrect subnet configured on the Azure VPN gateway<\/p>\n\n\n\n<p>D) Network bandwidth limitations<\/p>\n\n\n\n<p>Answer: d) Network bandwidth limitations. Performance issues could be caused by network bandwidth limitations between the on-premises and Azure networks. Consider increasing the network bandwidth or optimizing the network configuration to improve performance.<\/p>\n\n\n\n<p><strong>Reference:<\/strong> <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/vpn-gateway\/vpn-gateway-troubleshoot-site-to-site-cannot-connect\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Documentation<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.testpreptraining.ai\/tutorial\/exam-az-104-microsoft-azure-administrator-associate\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Go back to Tutorial<\/strong><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Go back to Tutorial After you configure a site-to-site VPN connection between an on-premises network and an Azure virtual network, the VPN connection suddenly stops working and cannot be reconnected. In this, we will learn the troubleshooting steps to help you resolve this problem. Troubleshooting steps An Azure site-to-site VPN connection allows on-premises resources to&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"categories":[],"tags":[],"class_list":["post-27658","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Troubleshooting an Azure site-to-site VPN connection - Testprep Tutorials<\/title>\n<meta name=\"description\" content=\"Increase your skills by learning about Troubleshooting an Azure site-to-site VPN connection using Microsoft Azure AZ-104 online course Now!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.testpreptraining.ai\/tutorial\/troubleshooting-an-azure-site-to-site-vpn-connection\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Troubleshooting an Azure site-to-site VPN connection - Testprep Tutorials\" \/>\n<meta property=\"og:description\" content=\"Increase your skills by learning about Troubleshooting an Azure site-to-site VPN connection using Microsoft Azure AZ-104 online course Now!\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/troubleshooting-an-azure-site-to-site-vpn-connection\/\" \/>\n<meta property=\"og:site_name\" content=\"Testprep Training Tutorials\" \/>\n<meta property=\"article:modified_time\" content=\"2023-04-14T09:49:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/12\/z104-prac-tests-1-750x117.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/troubleshooting-an-azure-site-to-site-vpn-connection\/\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/troubleshooting-an-azure-site-to-site-vpn-connection\/\",\"name\":\"Troubleshooting an Azure site-to-site VPN connection - Testprep Tutorials\",\"isPartOf\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\"},\"datePublished\":\"2020-12-22T05:25:56+00:00\",\"dateModified\":\"2023-04-14T09:49:39+00:00\",\"description\":\"Increase your skills by learning about Troubleshooting an Azure site-to-site VPN connection using Microsoft Azure AZ-104 online course Now!\",\"breadcrumb\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/troubleshooting-an-azure-site-to-site-vpn-connection\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.testpreptraining.ai\/tutorial\/troubleshooting-an-azure-site-to-site-vpn-connection\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/troubleshooting-an-azure-site-to-site-vpn-connection\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Troubleshooting an Azure site-to-site VPN connection\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"name\":\"Testprep Training Tutorials\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\",\"name\":\"Testprep Training\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"contentUrl\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"width\":583,\"height\":153,\"caption\":\"Testprep Training\"},\"image\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Troubleshooting an Azure site-to-site VPN connection - Testprep Tutorials","description":"Increase your skills by learning about Troubleshooting an Azure site-to-site VPN connection using Microsoft Azure AZ-104 online course Now!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.testpreptraining.ai\/tutorial\/troubleshooting-an-azure-site-to-site-vpn-connection\/","og_locale":"en_US","og_type":"article","og_title":"Troubleshooting an Azure site-to-site VPN connection - Testprep Tutorials","og_description":"Increase your skills by learning about Troubleshooting an Azure site-to-site VPN connection using Microsoft Azure AZ-104 online course Now!","og_url":"https:\/\/www.testpreptraining.ai\/tutorial\/troubleshooting-an-azure-site-to-site-vpn-connection\/","og_site_name":"Testprep Training Tutorials","article_modified_time":"2023-04-14T09:49:39+00:00","og_image":[{"url":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/12\/z104-prac-tests-1-750x117.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/troubleshooting-an-azure-site-to-site-vpn-connection\/","url":"https:\/\/www.testpreptraining.ai\/tutorial\/troubleshooting-an-azure-site-to-site-vpn-connection\/","name":"Troubleshooting an Azure site-to-site VPN connection - Testprep Tutorials","isPartOf":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website"},"datePublished":"2020-12-22T05:25:56+00:00","dateModified":"2023-04-14T09:49:39+00:00","description":"Increase your skills by learning about Troubleshooting an Azure site-to-site VPN connection using Microsoft Azure AZ-104 online course Now!","breadcrumb":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/troubleshooting-an-azure-site-to-site-vpn-connection\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.testpreptraining.ai\/tutorial\/troubleshooting-an-azure-site-to-site-vpn-connection\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/troubleshooting-an-azure-site-to-site-vpn-connection\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.testpreptraining.ai\/tutorial\/"},{"@type":"ListItem","position":2,"name":"Troubleshooting an Azure site-to-site VPN connection"}]},{"@type":"WebSite","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","name":"Testprep Training Tutorials","description":"","publisher":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization","name":"Testprep Training","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/","url":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","contentUrl":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","width":583,"height":153,"caption":"Testprep Training"},"image":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/27658","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/comments?post=27658"}],"version-history":[{"count":7,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/27658\/revisions"}],"predecessor-version":[{"id":61354,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/27658\/revisions\/61354"}],"wp:attachment":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/media?parent=27658"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/categories?post=27658"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/tags?post=27658"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}