Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Allow Azure Basic VPN Gateway to connect from OpenVPN client

      Allow Azure Basic VPN Gateway to connect from OpenVPN client

      If deploy VPN Gateway and follow this instruccions [1], Azure Powershells shows this error:

      Set-AzureRMVirtualNetworkGateway: Vpn Client protocol OpenVPN is not supported for basic Sku Gateway [..]

      [1] https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-openvpn

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. 1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. When creating a VPN Gateway Connection, create an error when the password doesn't meet the password requirements.

      When you create a new VPN gateway connection, if you enter a password that doesn't meet the password restrictions (no special character), you can still create the connection and not know that there is an issue.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. Add activity logs events for failover and update of a virtual network gateway

      Currently, a VNG can be updated and fail-over (or, in our case, just plain fail) without any information for the end user. Updates and failover events should appear in the activity log so the end user has a chance of determining why users are disconnected or why the VPN is not working.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. Add DHCP address Pool options to the Point-to-Site VPN

      When I connect to the P2S vpn I need to be able to set an an address pool. Right now when I connect there is nothing to determine the addressing besides defining a subnetmask. However the addresssing starts at (0) so when I connect to the VPN I will be assigned example 192.168.1.0 as my IP address. I am able to connect to the Azure Network Gateway, But I am not able to connect to any Site-2-Site connections I have connected to Azure.

      15 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. Microsoft.Network/virtualNetworkGateways provision so longgggggggggggggggggggggggggg

      Hi currently in our project we heavily using Azure Resource

      And with current implement we using ARM template and powershell to provisioning all kind of resource. So I notice that with normal resource it only take around few second to 2 or 3 minute to finish except

      Microsoft.Network/virtualNetworkGateways
      It sometime take up to 1 hour to provision and it is like a pain in my *** that I really don't know why. Can someone so me a way to reduce provision time for Microsoft.Network/virtualNetworkGateways or explain for me in detail way why it take so much time to provision?

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. About VPN gateway DNS

      Can VPN gateway push a new DNS server address to client when the client connected

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      need-feedback  ·  2 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. pls put the two powershell scripts together

      today I made the mistake to execute the one, then missed the point for the client certificate creation and finally the VPN client did not find it.
      The evening I read the article again... the text descriptoin obfuscates this a bit, it only says "same powershell sessoin" or something, but just throwing both of them in powershell IE and execute them together got me to the goal.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Notification of the change of VPN Gateway FQDN

      I've found change of VPN Gateway FQDN from "cloudapp.net" to "vpn.azure.com" without notification.
      And this caused that P2S connection was denied on our proxy server because the server had allowed only old FQDN "cloudapp.net".
      It takes time to add new FQDN to proxy server,
      so I want you to notify us before the change like this.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. Authentication to VPN Gateway using Azure AD

      Add option to authenticate to VPN Gateway using existing Azure AD accounts. For security reason there should be option to add a group of users allowed to use VPN.

      This should help to use Azure VPN Gateway by customers which not use local AD DS servers

      61 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  4 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. could you please update the script for Cisco ASA as i see many bugs and many are having hard time in establishing the tunnel with azure

      could you please update the script for Cisco ASA as i see many bugs and many are having hard time in establishing the tunnel with azure with many ASA models and OS versions below 9.8.2

      please confirm the which IKE parameters for a connection works for stable IKeV2 route based tunnel with policy based TS enabled. I see many times the tunnel which is good for many days abruptly goes down all of a sudden with out any changes being made. Appreciate your help.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  2 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. vpn gateway slow to create

      Why does it take upwards of 30 minutes to create a vnet gateway?
      If I am doing a PowerShell script or a CI/CD deployment, the whole world stops while the VPN takes 30-odd minutes to be initialised and start. Can this please be addressed?

      61 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  11 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. VPN Connection Status Alert

      It would be nice to have built in alerting for when VPN connections are dropped/connecting. We've had to setup an hourly runbook to call a PowerShell command that pushes data to OMS and then create an alert. All of the data is available in resource health so it shouldn't be a difficult enhancement, we just have no native way to pull/alert the data.

      77 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. Classic to ARM VNet Migration - Recreate Site-to-Site connections

      I have recently migrated a classic virtual network with a Site-to-Site VPN connection to an ARM VNet using platform-supported migration.

      When the connection between the 2 networks was recreated under the ARM platform it defaulted to a VNet-to-VNet connection which meant a loss of connectivity between the 2 networks. I had to add create another LNG and recreate the connection as a Site-to-Site.

      Now I understand the benefits of VNet-to-VNet connections but I would like the platform-supported migration to respect the existing connection type and recreate this correctly.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. VNET GW packet filter

      Hi All.

      I would like to set up a packet filter for VPN GW.
      It is the same as RRAS packet filter setting.
      Inbound IP address and port range filter, and outbound IP address and port range filter.

      Our VNET is connecting between sites with customers' VNET and VNET GW. Even if it is attacked from outside the customer's VNET, I do not want to endanger our VNET. I would like to filter traffic arriving at VNET with source IP and destination port number.

      How can it be realized?

      regards.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. 1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. List the private IP address of a virtual network gateway

      Show the private IP address of a virtual network gateway in the "Connected devices" blade.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Hi,

      Currently, the gateway private IP addresses are not required for configurations or operations, other than the GatewaySubnet range. They should have been hidden from users. The gateway resource model does not have a field for those either.

      There may be use cases for new features down the road. We will update the gateway resource model accordingly and expose those properly.

      Thanks,
      Yushun [MSFT]

    18. Please provide metric for Point-to-Site VPN traffic

      We can't meter Point-to-Site VPN usage now.
      Please provide metric for Point-to-Site VPN traffic like Site-to-Site tunnnel metric.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Validate YAMAHA RTX830 and RTX1210 for Azure VPN Gateway

      YAMAHA RTX router series ( https://network.yamaha.com/products/routers )
      are not validated as VPN devices:
      https://docs.microsoft.com/ja-jp/azure/vpn-gateway/vpn-gateway-about-vpn-devices

      Nevertheless I or some Japanese are struggling to connect Azure VPN Gateway with YAMAHA RTX routers.
      we are able to have connection but there are some troubles reported on blogs.
      We need to verification.

      At kakaku.com(the most popular Bestbuy ranking site in Japan),
      YAMAHA RTX830 and RTX1210 are the top 2 selling products nowadays.
      Previous models are also popular for a couple of decades in Japan.
      I think the verification will have huge impact in Japan to support VPN Gateway at SOHO environments.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Folks,

      Thanks for reaching out to us regarding the VPN device issues. In general, our team needs to work with the VPN device vendor, in this case, Yamaha, to validate their VPN devices connecting to Azure VPN gateways.

      To get things started, we will need someone from Yamaha to contact us, either via Microsoft Japan if that’s easier, or open an issue on the page directly. Once we establish the contact, we can proceed to work with Yamaha to validate their VPN devices.

      Thanks,
      Yushun [MSFT]

    20. Adjust route based VPN vNet gateway traffic selectors

      We use routes based VPNs for most connectivity to Azure. However, we do have some policy based VPNs that need access to Azure as well.

      Unfortunately, it doesn’t appear that Azure lets you configure the local network prefix When using traffic selectors in IPSEC.

      This is extremely common on network equipment outside of Azure. I’ll reference an example with a Juniper SRX.

      https://www.juniper.net/documentation/en_US/junos/topics/example/ipsec-vpn-traffic-selector-configuring.html

      Azure automatically uses every prefix configured within a vNet as the local prefix. It’s my hope that we can configure this per ‘Connection’ when using traffic selectors.

      Can we have this feature considered?

      Thank you.

      20 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base