Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Please make Site-to-Site VPN avaiable for devices behind a NAT and not on public IP

      Please make Site-to-Site VPN avaiable for devices behind an router an not only public ip

      121 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      11 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. Create a tool that automatically connect TMG with Azure VPN

      Create a tool that automatically connect TMG with Azure VPN.
      As the Forefront Thread Management Gateway is a Microsoft product i like to see a tool that setup the TMG more easily.

      35 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
      declined  ·  Yushun Wang [MSFT] responded

      Thanks for the feedback. Please note that Microsoft has announced the plan to discontinue TMG. Please refer to the following link:

      http://technet.microsoft.com/en-us/forefront/ee807302.aspx

      For connecting to Azure, the product team has added support for using Windows Server Routing and Remote Services as the on premise VPN gateways:

      http://msdn.microsoft.com/en-us/library/windowsazure/dn133801.aspx

      Disclaimer: The DynamicRouting gateway offering is still in preview. The Microsoft recommendation is NOT to run production workload on preview services.

      Thanks!
      Yushun [MSFT]

    3. P2S VPN Client Without Local Admin Rights

      Currently the Azure P2S VPN client requires the user to be a local admin. The response to my support call was:

      "This is By Design and unfortunately there is no alternative as running the Point-To-Site VPN connection as local admin, because you basically need to inject a new route in the routing table for the VPN and that can be done only by an admin.

      Unfortunately, Point-to-Site users need to have machine admin rights at this time. There is no workaround for the Point-to-Site VPN, cause the VPN client needs admin permissions."

      I would like to see the necessity to…

      33 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      12 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. Allow Azure Connect groups settings to be specified in the service configuration and/or expose APIs

      There is apparently no way to persist Azure Connect group settings between full deployments. Since some startup tasks rely on this, and since managing them through the UI can be a pain when there are many roles and endpoints to configure, there has to either be a way to specify the groups that a role should join, within the ServiceConfiguration.cscfg file, or a way to programmatically configure the group settings during a startup task. The configuration option is probably sufficient for most scenarios.

      31 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. Silent install for P2S VPN package file

      We want to silent install mode for P2S VPN package file.
      Now, This package file has Quiet modes of the "/Q" options. However, we got the error message below when we execute vpn package file with "/Q".
      "Error creating process <<None>>. Reason: The system cannot find the file specified."

      30 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thank you for the suggestion. Unfortunately, this is a Windows VPN platform constraint. Azure P2S VPN package will add network routes on the machine, which will require admin privilege and will trigger UAC prompt on Windows. This is not an Azure specific constraint.

      Thanks,
      Yushun [MSFT]

    6. 24 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. Please raise the VPN Gateway Limitation

      We can connect 10 locations using VPN Gateway in Basic / Standard SKUs.
      Please raise the Default Limit from 10 locations to 30 locations (same as High Performance SKU). We often need to connect over 10 locations.

      - Japanese
      VPN Gateway で Basic / Standard SKU でも 30 拠点まで VPN 接続できるようにしてほしい

      16 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thank you for your feedback. We understand the need to connect to more than 10 locations. Unfortunately, Basic and Standard SKUs have a hard limit of 10 locations because of implementation constraints. If you need 30 tunnels, please use the High Performance SKU.

      Thanks,
      Bridget [MSFT]

    8. Allow other VPN protocol

      The point-to-site VPN protocol is not natively compatible with Windows 10 and Linux machine. It will be great if it was possible to use another protocol (openvpn, pptp) easily as SSTP.

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Increase the maximum number of Site-to-Site (S2S) connections of the VPN Gateway

      We host many different customers. We want to put every customer in their own subscription (mostly) so we can bill them separatly, as there seems to be no other way of doing this easily. Also having every customer in their own subscription has other benefits. To connect their networks to our own "Hosting" subscription containing our active directory servers , we wanted to use site-to-site VPN's between the subscriptions VNET's. Currently the limits are 10 vpn's for "Dynamic Routing VPN gateway" and 30 for "High Performance VPN gateway" (which is too expensive for this purpose). Please increase those considerably or…

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. Specify custom routes for P2S VPN

      I have to modify the routes.txt file to add additional routes for the VPN. Please provide the ability to specify user defined routes for the P2S VPN client.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. Allow a VPN device to be configured using a domain name instead of an IP address

      Please allow the VPN device when creating a site-to-site connection to be setup using domain name instead of an IP address.

      This will allow sites with dynamics IPs to connect and also sites with dual-wan to failover to the secondary line without requiring expensive dual-circuit lines.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. Whats happening with 'legacy' Virtual Network Gateways?

      So the documents all describe 'Basic', 'Standard' and 'High Performance' SKUs as being 'Legacy'.

      I'm assuming this means that they are no longer being actively maintained and are likely to be made obsolete in the near future?

      If so, why is 'Basic' contained amongst the new Gateways on the pricing page? https://azure.microsoft.com/en-gb/pricing/details/vpn-gateway/

      There is a huge price difference between 'Basic' and 'VpnGw1'. Im comfortable paying for 'VpnGw1' in my production environment but not comfortable spending that much for my test environments.

      So if I want to maintain consistency and eliminate variables between my environments I just have to pay for…

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      5 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. Allow Internet traffic via VPN Gateway

      Allow communication to the internet to devices connected to Azure via VPN.

      Add ability to add routes to non connected LAN segments on the Azure VPN endpoint, and support non TCP/UDP traffic for VM’s (such as enabling IPSEC traffic )

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. cannot delete vpn and there is no free support for bugs

      I created a site to site vpn in the old portal as a test. I want to make a new one in the new portal, but cannot delete the old one. I tried everything.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Hi,

      Please open a Support Request if you still cannot delete the VPN gateway. In general, the currently portal is not 100% compatible with the features/resources created using the previous/old portal. Once you open a support request, if it’s a bug, it will get to the product team for the actual bug fix.

      Thanks,
      Yushun [MSFT]

    15. Allow to Reserve VPN

      Allow the Azure Admin to reserve IP address for specific clients so when they connect to the VPN via a Point-to-Site configuration, the client receive the same IP Address all the time.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. Allow connection to only some specific address Point-to-Site address

      Restrict connectivity of Point-to-Site to some specific addresses.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. Avoid creating a static route on the onprem side to establish VPN and BGP connectivity

      Right now on the onprem side we are required to create a static route to the VPN tunnel interface while configuring BGP. This is ironic for the matter of fact we are calling it BGP and doing static routing configuration on onprem side. AWS does share a /30 subnet for both LGW and VPNGW to peer for. See https://docs.aws.amazon.com/AmazonVPC/latest/NetworkAdminGuide/GenericConfig.html can we have a similar functionality in Azure VPN which avoids creating this static routing business

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thank you for the feedback. This is unfortunately by design on the Azure side. Azure VPN gateway is using one of the VNet addresses as the BGP peer IP, so there needs to be an on-premises route to point to the IPsec tunnel (VTI, etc.) for that BGP peer IP address(es) in Azure. Without that route, BGP sessions cannot be established.

      Thanks,
      Yushun [MSFT]

    18. Local Network Gateway is NOT indicative of what it is. It should be REMOTE (to Azure) Network Gateway

      Local Network Gateway is NOT indicative of what it is. It should be Remote Network Gateway as it is where you add the REMOTE (to Azure) network IP addresses / ranges.
      We use Site-to-Site to connect to business partners.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      declined  ·  1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Meraki vpn

      looks like meraki with Ikev1 works, can you add it to the list if it works? are there any plans if its not tested so far??

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      declined  ·  0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. Support names as well as IP addresses for local gateway on site-to-site VPN

      Today you only allow IP addresses to be specified as the local gateway endpoint for a site-to-site VPN. Customers who receive their public IP via DHCP would greatly benefit if this config parameter could also take a DNS name that the Azure gateway infrastructure would resolve to the current IP (and if there are connectivity issues, re-resolve as the IP may have changed).

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base