Wednesday, July 24, 2019

Azure Site-to-Site VPN to SonicWALL - Working at one site and not another with exact same config

This is driving me nuts so I hope someone can help...

We have a SonicWALL device at a remote location that has a site-to-site VPN connection to Azure. This works perfectly locally at the remote location and over SSLVPN. The connection has been up and running for almost 2 years now with little to no downtime. That remote location has asked us to set up a DR SonicWALL so that if their internet goes out in their office, they can connect to the SonicWALL in our office via SSLVPN and access all of their Azure resources.

I took a backup of the configuration on their SonicWALL and imported it into the new SonicWALL. All settings are the same aside from the LAN subnet which we changed to have an IP address on our local network for management purposes. I successfully added the new Local Network Gateway in Azure and added it to the same Virtual Network Gateway that the original Local Network Gateway uses. Since I used a backup file for the new SonicWALL, the VPN connection came alive instantly and I can see the connection is established in Azure on the Virtual Network Gateway and on the SonicWALL.

When I connect to the newly configured SSLVPN, I cannot access any of the Azure resources. We run a file share up there which I cannot access, and there are servers with RDP configured which I cannot connect to. There have been 2 or 3 times today when the RDP connection was successful the second I connected to the SSLVPN, and then every attempt after that failed.

VPN Configuration on both SonicWALLs = One gives access to an Address Group (local and SSLVPN subnets) and new SonicWALL just gives access to SSLVPN IP range

Firewall rules = Same

NAT Policies = None

Routing = Same

Azure NSG and Source IP Ranges configured properly in Azure

::Found this while making this post:: Found these logs being logged over and over and over. Every 2 seconds. I know this is the problem but how do I go about resolving this?

IKEv2 Send Dead Peer Detection Response
IKEv2 Received Dead Peer Detection Request

Any help would be appreciated!

(Another thing I noticed is that the protocol being used for the VPN to Azure is UDP port 500. Could my ISP be blocking UDP traffic?)
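One check worth running first in this situation (added example, not from the post or from SonicWALL/Azure tooling): whether the two Local Network Gateways attached to the same Virtual Network Gateway declare overlapping on-premises prefixes, since a prefix reachable through two tunnels can only get its return traffic through one of them. The gateway records below are constructed sample data shaped like `az network local-gateway list -o json` output; the names and addresses are hypothetical.

```python
"""Find overlapping address spaces across Azure Local Network Gateways and
show which tunnel(s) Azure could pick for traffic back to a VPN client.
Added example; sample records are constructed, not the poster's gateways."""
import ipaddress
from itertools import combinations

# Constructed sample: the original site's LNG covers its LAN and SSLVPN
# pool; the DR LNG was built from the same SonicWALL backup, so it declares
# the same SSLVPN pool (hypothetical values).
SAMPLE_GATEWAYS = [
    {"name": "lng-remote-office",
     "gatewayIpAddress": "203.0.113.10",
     "localNetworkAddressSpace": {
         "addressPrefixes": ["192.168.10.0/24", "192.168.200.0/24"]}},
    {"name": "lng-dr-office",
     "gatewayIpAddress": "198.51.100.20",
     "localNetworkAddressSpace": {
         "addressPrefixes": ["192.168.200.0/24"]}},
]

def prefixes(gw):
    """Parse a gateway's declared prefixes into network objects."""
    return [ipaddress.ip_network(p, strict=False)
            for p in gw["localNetworkAddressSpace"]["addressPrefixes"]]

def find_overlaps(gateways):
    """Return (gw A, gw B, prefix A, prefix B) for every pair of gateways
    whose declared address spaces overlap; each hit is a candidate cause
    for one site working while the other does not."""
    hits = []
    for a, b in combinations(gateways, 2):
        for pa in prefixes(a):
            for pb in prefixes(b):
                if pa.overlaps(pb):
                    hits.append((a["name"], b["name"], str(pa), str(pb)))
    return hits

def return_path(client_ip, gateways):
    """Names of gateways that win longest-prefix match for client_ip.
    More than one name means the return path is ambiguous; an empty list
    means no tunnel covers that client at all."""
    addr = ipaddress.ip_address(client_ip)
    best, winners = -1, []
    for gw in gateways:
        for net in prefixes(gw):
            if addr in net and net.prefixlen > best:
                best, winners = net.prefixlen, [gw["name"]]
            elif addr in net and net.prefixlen == best:
                winners.append(gw["name"])
    return winners

if __name__ == "__main__":
    for a, b, pa, pb in find_overlaps(SAMPLE_GATEWAYS):
        print(f"{a} {pa} overlaps {b} {pb}")
    print(return_path("192.168.200.5", SAMPLE_GATEWAYS))
```

Feed it the real `addressPrefixes` from both gateways; an SSLVPN client whose address lands in two names from `return_path` will only ever get replies down one tunnel.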
