Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. P2S Client Dynamic DNS Registration

      Point-to-Site (P2S) VPN Clients do not register DNS against VNet DNS Servers when connecting to VPN. This is supported by other VPN clients and should be supported by Azure.

      Expected Result: When a client connects to Azure P2S VPN, the client should initiate a Dynamic DNS Registration towards the VNet-defined DNS servers to register myhostname.mydomain.local with the IP address received via the VPN tunnel.

      This function is currently not supported, per this document:
      https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vpn-faq#does-point-to-site-support-auto-reconnect-and-ddns-on-the-vpn-clients

      167 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      9 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. AAD authenticated P2SVPN should support Mac (OS X)/Linux

      The new AAD authenticated P2SVPN seems to work great for our pilot Windows users. But to introduce this to our prod/stage environments we need support for Mac/Linux users.

      308 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      12 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Improvement of maintenance specifications for Azure VPN Gateway instances

      I already posted this feedback below on October 27th, and have collected 230 votes.
      However, due to UserVoice tool's trouble, the feedback cannot collect votes anymore, so I posted it again.


      We plan to provide a solution for financial institutions that utilizes Azure.
      However, we have 2 problems about maintenance specifications of Azure VPN Gateway instances.

      Request1: Could you extend the maintenance interval between two instances of VPN Gateway ?

      In some cases, the maintenance interval is not enough to reestablish VPN tunnel between on-premise devices and VPN gateway instances.
      We are having some trouble reestablishing of VPN tunnel.

      Request2:…

      246 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. Multiple P2S VPN IP address pools

      A point-to-site configuration on a Virtual Network Gateway only allows one pool of dynamic IP Addresses. There is no way to restrict access to resources from specific VPN client users.

      If there was provision to allow different address pools and each pool assigned either via a configuration profile or somehow published as a separate application, access could be restricted based on user role by grouping VPN clients by separate address pools.

      50 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. Azure VPN Client: Minimize to Tray

      Add an option to minimize the Azure VPN Client to the system Tray. It's annoying to have it in the taskbar all the time.

      36 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. Diffie-Hellman Group 14 in Basic SKU

      Upgrade VPN GW Basic SKU with Diffie-Hellman Group 14 or stronger. In the latest release of Cisco ASA 9.15 Diffie-Hellman group 2 is removed and the customer can not use Basic SKU anymore.

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. Publish Azure VPN client to Apple app store

      The Azure VPN client on the Microsoft store should be published to the Apple store too to ensure experience parity for Developers working on a Mac.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. azure vpn client: support OVPN AAD auth on Mac OS and Linux

      Hi Team,

      Currently OVPN AAD auth only support Windows 10 device since Azure VPN Client cannot be installed on Linux and Mac OS.

      Can you please kindly look at this issue?

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Optimize BGP routing for Site-to-Site (S2S) VPN

      Currently is not possible to optimize dynamic routing (BGP) for S2S scenario. There are scenarios where suboptimal routing occurs. It would be very convenient for enterprise network topology to have possibility to filter out BGP prefixes or ASN paths. For example one, from security point of view it is forbidden to propagate all internals (HUB&Spoke design) BGP routes to partner or 3rd party.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. iOS

      iOS support IKEv2 point-to-site VPN but randomly it disconnect. A solution would be to configure OpenVPN but in our company we use Win10 with SSTP. Add the support for SSTP + OpenVPN or fix the disconnection using IKEv2 in iOS.
      Thanks

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. Custom IPsec policies for Point-to-Site

      Regarding Custom IPsec policies on Point-to-Site, I have been able to reproduce this and stumbled on something not mentioned within the document.

      Once custom policies are configured, Connectivity is no longer possible and attempts at connecting result in a "Policy match error (Error 13868)".

      I am not able to reconnect using new Root and Client Certificates, and/re-downloading the VPN Client.

      A successful Connection is only possible when I run a script to return the IPsec parameters to default settings, like so:

      $Gateway = "xxxxxxxxx"
      $ResourceGroup = "xxxxxxxxxxxx"
      Remove-AzureRmVpnClientIpsecParameter -VirtualNetworkGatewayName $Gateway -ResourceGroupName $ResourceGroup

      Can this be addressed?

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. 3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. Custom IKE/IPsec Policies for IKEv1 Connections using Azure Portal

      Usually one can configure custom IKE/IPsec policies (without being able to enable policy-based traffic selectors) on IKEv1 Route-based Connections using PowerShell or Azure CLI.

      With this new update where custom policies can be configured on the Azure portal, I just discovered that with IKEv1 Route-based Connections, it is not possible to configure custom policies.

      Would this be addressed later or will we only be able to do this for Route-based IKEv1 via PowerShell or CLI going forward?

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. S2S VPN ICMP works, TCP not. How to debug this?

      We have a VPN tunnel and are able to use ICMP but TCP is not working.
      What could be the reason for this?

      We can ping an address behind the VPN tunnel from within Azure but cannot establish TCP communcation.

      We did a packet trace on the VPN Gateway connection and TCP packets are there but all in error.

      Is there a way to debug this?

      Also from behind the tunnel they can ping, but again cannot establish a TCP connection. The route back in the network trace is in error.

      So enabling more debug features would be helpfull.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. S2S VPN Should Allow Hostname in addition to LNG Public IP to support Redundancy

      Use case: Meraki MX devices don't support primary/secondary WAN IP config for VPN tunnels. Instead, they use a hostname for 3rd party VPN. Therefore, in addition to "LNG Public IP" Azure Virtual Gateway should support "LNG Public Hostname". See "example values" here:
      https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-cli

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. allow more than one profile on P2S t oseparate users

      we would like to authenticate our P2S users with AzureAD and use the Azure VPN Client. This works, but with the limitation that only windows 1809 or later are supported. With the possibility to configure an additional Profile, with an other authentication mechanism, we could use the same VirtualWAN Hub, and let "all" in.

      (in addition to this the logging needs a lot more in case of who is connected, you cannot even trust the metric reports in matter of connected users...)

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. Always on VPN on user login with Open VPN protocol

      Today Always ON VPN requires certificate-based authentication which limits the total number of users on one gateway. It would be nice to have Azure AD Open VPN Auth support for Always ON VPN.

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. VPN gateway connection on Azure VPN client

      Enable the Azure VPN client to connect to an AzVPN gateway[maybe with AzAD auth] instead of importing or adding configuration. That could enable you to custom advertise a service tag to a gateway and the end user won't need to download the VPN client configuration continually for proper connectivity.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Azure AD VPN need to be supported for MAC os x atleast.

      Azure AD (AADVPN) should support Mac OSx so, We can bind the users to ADDS. Else, ADDS is useless to use for Enterprise.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. Azure VPN Gateway as Responder (Not Initiator)

      Currently with Azure VPN Gateway we do not have an option to set it as a VPN responder, it is set as a permanent initiator - which is causing me issues when I want t'shoot my local gateway.

      I would like the option to set the Gateway as a responder only.

      87 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1 3 4 5 6 7 8
    • Don't see your idea?

    Feedback and Knowledge Base