
I recently redeployed a VM to get multiple NICs (IIS needs an IP address per SSL site).

I also have a Point-to-Site VPN into a separate subnet, but as the MS docs say, subnets on the same VNet are automatically routed between each other.

All this worked fine: VM1 could ping the interfaces of VM2, VM3, etc., and vice versa.

But now, after redeploying VM1 with two interfaces, I cannot ping interface 2 from the VPN. All internal traffic is still OK; I can ping VM1 interface 2 from VM2, VM3, etc.

I added a few explanations to the Azure diagram.

Azure Subnet Diagram

So the question is: why can't I ping interface 2 on VM1 after logging into the Point-to-Site VPN?

  • All your VMs are in the same subnet, but the gateway is using a different subnet called the gateway subnet. So this issue might not be caused by the gateway. Please try adding a new subnet and pinging the VM with this issue from the new subnet. Commented May 11, 2017 at 7:14
  • @StevenLee-MSFT I moved the rightmost machine to a new subnet; it now has 172.31.100.4 and it cannot ping 172.31.103.7. I assigned a public IP to the "gateway dead" interface, but it is unreachable from the outside. :(
    – Brunis
    Commented May 11, 2017 at 12:08

1 Answer


I tested it for you in my lab. It turns out that this is not caused by the VPN Gateway.

I checked the route entries on my server, which has two NICs, and found that only one default route existed. Then I added another default route for the interface that didn't have one. After that I could ping both of them.

solution

By the way, two NICs are normally used in the scenario where one VM needs to connect to both front-end and back-end networks, which means that only one NIC has a default gateway. Configuring two default gateways on the same machine is not recommended and may cause unexpected issues.

  • If I segment a subnet into two parts, could I have 128 addresses assigned to VMs and the rest to the VPN gateway, so they are all on the same subnet without needing routes or gateways?
    – Brunis
    Commented May 11, 2017 at 12:10
  • @Brunis No, that doesn't work, because the VPN clients are definitely from another subnet. Please try adding the default route I mentioned above as a workaround. Commented May 12, 2017 at 9:54
  • OK, will try. But it doesn't explain why the external IP of the second interface is just dead. I don't think an external IP should need a LAN gateway to be reached?
    – Brunis
    Commented May 15, 2017 at 8:18
  • @Brunis Actually, you do need the LAN gateway to reach the external IP, since the external IP is mapped to the private IP with NAT. After you add the route entry, the external IP will be reachable too. Commented May 18, 2017 at 8:12
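The route fix described in the answer, written out as an added PowerShell example (this is not code from the answer or from Microsoft; it is an editorial illustration). It assumes the unreachable second NIC is the 172.31.103.7 address mentioned in the comments and that its subnet is 172.31.103.0/24, so that the Azure-reserved first host address, 172.31.103.1, is that subnet's gateway; change both values to match your subnet. The route metric is a hypothetical choice that keeps the first NIC as the preferred egress path. The reason the extra route matters: Windows uses the strong host model, so a reply sourced from NIC2's address is routed only via routes bound to NIC2, and without a default route there replies to off-subnet clients (the P2S address pool) have nowhere to go. Sending them out NIC1 instead would not help either, because Azure drops packets leaving a NIC with a source address not assigned to that NIC unless IP forwarding is enabled on it.

```powershell
# Added example (not from the original answer): inspect and add a default route
# for the second NIC of a Windows VM in Azure.
# Assumptions: second NIC address 172.31.103.7 in 172.31.103.0/24, so the
# Azure subnet gateway is 172.31.103.1 (first usable address of the subnet).

$SecondNicIp      = '172.31.103.7'   # from the comments; assumed to be NIC2
$SecondNicGateway = '172.31.103.1'   # assumed: first host address of the /24
$SecondNicMetric  = 10               # hypothetical; higher than NIC1's route

# 1. Show the existing default routes. On the affected VM only one appears,
#    bound to the first NIC.
Get-NetRoute -DestinationPrefix '0.0.0.0/0' -AddressFamily IPv4 |
    Select-Object InterfaceAlias, InterfaceIndex, NextHop, RouteMetric

# 2. Resolve the second NIC's interface index from its address.
$nic2 = Get-NetIPAddress -IPAddress $SecondNicIp -AddressFamily IPv4
if (-not $nic2) { throw "No interface holds $SecondNicIp" }

# 3. Add a default route for that interface via the subnet gateway. New-NetRoute
#    writes to both the active and persistent stores, so it survives reboot.
New-NetRoute -DestinationPrefix '0.0.0.0/0' `
    -InterfaceIndex $nic2.InterfaceIndex `
    -NextHop $SecondNicGateway `
    -RouteMetric $SecondNicMetric

# 4. Verify that both default routes now exist, one per NIC.
Get-NetRoute -DestinationPrefix '0.0.0.0/0' -AddressFamily IPv4 |
    Format-Table InterfaceAlias, NextHop, RouteMetric

# 5. Re-test from a connected Point-to-Site client (run on the client, not here):
#    Test-NetConnection -ComputerName 172.31.103.7
```

If the second default route later causes the oddities the answer warns about, the safer alternative is a narrower route on NIC2 covering only the P2S client address pool and any other off-subnet sources that must reach it, with the same next hop, instead of a second 0.0.0.0/0.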
