Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Configure point-to-site VPN from Function to VNet

      Functions are great. VNets are great. Point-to-site VPN is great. It would be even greater, if you could configure a function app to talk securely with a VNet through point-to-site VPN. Just as you can with a web app.

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. point to site in resource manager

      Azure Resource Manager needs some sort of Point-To-Site VPN capability. We can't transition away from Classic without it. PPTP or L2TP would be ideal, but even SSTP is better than nothing.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Add activity logs events for failover and update of a virtual network gateway

      Currently, a VNG can be updated and fail-over (or, in our case, just plain fail) without any information for the end user. Updates and failover events should appear in the activity log so the end user has a chance of determining why users are disconnected or why the VPN is not working.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. When creating a VPN Gateway Connection, create an error when the password doesn't meet the password requirements.

      When you create a new VPN gateway connection, if you enter a password that doesn't meet the password restrictions (no special character), you can still create the connection and not know that there is an issue.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. pls put the two powershell scripts together

      today I made the mistake to execute the one, then missed the point for the client certificate creation and finally the VPN client did not find it.
      The evening I read the article again... the text descriptoin obfuscates this a bit, it only says "same powershell sessoin" or something, but just throwing both of them in powershell IE and execute them together got me to the goal.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. could you please update the script for Cisco ASA as i see many bugs and many are having hard time in establishing the tunnel with azure

      could you please update the script for Cisco ASA as i see many bugs and many are having hard time in establishing the tunnel with azure with many ASA models and OS versions below 9.8.2

      please confirm the which IKE parameters for a connection works for stable IKeV2 route based tunnel with policy based TS enabled. I see many times the tunnel which is good for many days abruptly goes down all of a sudden with out any changes being made. Appreciate your help.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  2 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. Classic to ARM VNet Migration - Recreate Site-to-Site connections

      I have recently migrated a classic virtual network with a Site-to-Site VPN connection to an ARM VNet using platform-supported migration.

      When the connection between the 2 networks was recreated under the ARM platform it defaulted to a VNet-to-VNet connection which meant a loss of connectivity between the 2 networks. I had to add create another LNG and recreate the connection as a Site-to-Site.

      Now I understand the benefits of VNet-to-VNet connections but I would like the platform-supported migration to respect the existing connection type and recreate this correctly.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. Validate YAMAHA RTX830 and RTX1210 for Azure VPN Gateway

      YAMAHA RTX router series ( https://network.yamaha.com/products/routers )
      are not validated as VPN devices:
      https://docs.microsoft.com/ja-jp/azure/vpn-gateway/vpn-gateway-about-vpn-devices

      Nevertheless I or some Japanese are struggling to connect Azure VPN Gateway with YAMAHA RTX routers.
      we are able to have connection but there are some troubles reported on blogs.
      We need to verification.

      At kakaku.com(the most popular Bestbuy ranking site in Japan),
      YAMAHA RTX830 and RTX1210 are the top 2 selling products nowadays.
      Previous models are also popular for a couple of decades in Japan.
      I think the verification will have huge impact in Japan to support VPN Gateway at SOHO environments.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Folks,

      Thanks for reaching out to us regarding the VPN device issues. In general, our team needs to work with the VPN device vendor, in this case, Yamaha, to validate their VPN devices connecting to Azure VPN gateways.

      To get things started, we will need someone from Yamaha to contact us, either via Microsoft Japan if that’s easier, or open an issue on the page directly. Once we establish the contact, we can proceed to work with Yamaha to validate their VPN devices.

      Thanks,
      Yushun [MSFT]

    9. VNET GW packet filter

      Hi All.

      I would like to set up a packet filter for VPN GW.
      It is the same as RRAS packet filter setting.
      Inbound IP address and port range filter, and outbound IP address and port range filter.

      Our VNET is connecting between sites with customers' VNET and VNET GW. Even if it is attacked from outside the customer's VNET, I do not want to endanger our VNET. I would like to filter traffic arriving at VNET with source IP and destination port number.

      How can it be realized?

      regards.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. 1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. Please provide metric for Point-to-Site VPN traffic

      We can't meter Point-to-Site VPN usage now.
      Please provide metric for Point-to-Site VPN traffic like Site-to-Site tunnnel metric.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. Get Point-to-Site VPN status by Azure CLI

      I want to get health status of Point-to-Site VPN by Azure CLI.
      I can get this status by Azure portal, but Azure CLI can not.

      If I use Azure CLI command without debug, this status can not get.
      But if I use Auzre CLI with debug option, I can get this status.

      This coomand can get P2S status.
      ex) az network vnet-gateway show --resource-group RG --name VPNGW --debug

      I hope improving this issue.

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. Allow special chartacters in the pre-shared key for IPSec VPN tunnels

      Allow special chartacters in the pre-shared key for IPSec VPN tunnels

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. Support CIDR in Point to Site Networking (RFC1918 bug)

      Azure forces clients to have a class A default route when using 10.x.x.x as their internal network. This should reflect the subnet mask illustrated in the portal

      More information:

      http://serverfault.com/q/818383/51457

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. Set up a VPN device script Link as present in the Classic Portal

      I was setting up the Site to Site in New portal and found the link to download the VPN script wasn't present as in Classic portal. It would be good we have that link in new portal so that we can share that Network admins to setup site-site Connection with on-premise and Azure Vnet

      29 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. provide diagnostic ability in Azure Resource Manager VPN tunnels

      The PowerShell command that is used in the classic "ASM" VPN troubleshooting is not compatible with the new Azure Resource Manager VPN tunnels. This makes it very difficult to troubleshoot VPN problems.

      The newest Azure PowerShell doesn't provide any start-azureRMvirtualnetworkgatewaydiagnostics like the old azure services manager did.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. Allow Multiple VNETs in a Gateway

      It would be great to be able to have three (or more) regions participating in a VNET. Currently you can deploy a multi-region, multi-subnet architecture using VNETs and their gateways by pointing them at one another with site-to-site. However, if you want to add a third region into that mix, it's not possible with the way Azure infrastructure is right now.

      The use case is AlwaysOn Availability Groups. Right now, I could, say, have East US and West US creating a geographically dispersed solution. However, when it comes to where to put the file share witness, it has to go…

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. Manually Assign GatewaySubnet and better field validation

      I want to be able to assign my GatewaySubnet, not have the system pick the next available subnet and crash everytime I try to change it!

      The only way I could get it to use the Subnet I wanted as the gateway was to create 63 other subnets so there was only one that was not in use.

      It also failed to create any virtual network with an Ampersand "&" in the Network name, even though it came up with a green tick next to the name when I tried to create it.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    1 2 3 4 5 7 Next →
    • Don't see your idea?

    Feedback and Knowledge Base