Welcome, Guest. Please login or register.
Did you miss your activation email?
Sunday 24 November 2024, 04:54:58 am

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  VPN Support
| | |-+  GW-2-GW with Azure connection problem
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: GW-2-GW with Azure connection problem  (Read 21999 times)
Mo_Hong
Jr. Member
*
Offline Offline

Posts: 4


« on: Thursday 20 August 2015, 07:50:20 am »

Hi!

We have the following scenario, in which we have connected two EFW Community via GW-2-GW VPN and one of those EFW is connected to Azure:

          VMs - 10.2.6.0/24                LAN - 10.2.0.0/23                      LAN - 10.2.3.0/24
              MS Azure<———---------———> EFW S1 <—————————> EFW S2
         Public IP - 2X.x.x.x                  Public IP -1x.x.x.x                  Public IP -1x.x.x.x


S1 and S2 has 2 different Public IPs from different ISP
S1 is connected to Azure via an IPSec VPN (MS recommended config)
S1 and S2 are connected via one IPSec tunnel and one OpenVPN Tunnel
S1 is the OpenVPN Server and S2 the OpenVPN Client (GW-2-GW)
           
As you can see, we have S1 connected directly to Azure via the IPSec VPN and when we ping/traceroute from any PC in the LAN to the VMs in Azure we can reach them without any problem. This happens also when you ping/traceroute from Azure VMs to any PC on S1.

From S2 things are not working that well. If we do a ping/traceroute from the EFW on S2, we can reach the VMs without any trouble. But when we try the same ping/traceroute from any PC behind the EFW on S2, we cannot reach the VMs with the ping (timeout) and the traceroute gets "lost" when it arrives to the EFW on S1: It does the hop from the PC to the EFW S2, then from the EFW S2 to the EFW S1 and from there it simply timesout. What we need is for all the PCs on S2 to reach the servers/VMs on Azure as the PCs on S1 can do.

We have tried many possible changes on the routing tables on the EFW S1 and on the EFW S2 without any possitive results, and also we have opened all rules on the VPNFW on the two EFW. We have even set as GW the Azure public IP, and this have not worked. Also, take in consideration that we have established between S1 and S2 two VPN tunnels, one via IPSec and one via OpenVPN.

Also, the EFW on S1 is 3.0.5 and the EFW on S2 is 3.0.

In advance thanks for any help you can give us to solve this issue.
Logged
svritc_81
Full Member
***
Offline Offline

Posts: 27


« Reply #1 on: Sunday 10 April 2016, 01:38:26 am »

Dear Hong,

I am guessing you have to write a static route on S2 for the Azure(destination) to reach traffic via S1(Source) as informed by you Azure VMs can reach S2 LAN PCs.

Also check you VPN Firewall Settings for the subnets you have mentioned are allowed.

have a good luck
Logged
jsolanki
Jr. Member
*
Offline Offline

Posts: 4



« Reply #2 on: Thursday 10 January 2019, 01:07:34 am »

Hi Guys,
I know this is an old post, but I am trying to get an Azure S2S setup with Endian, and I was hoping if you would be able to share how you went about this. I am new to endian, so struggling with the IPSec setup.
Jai
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.063 seconds with 17 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com