Have Site-To-Site (IPSEC) connected but cannot ping anything other than router
Matthew Martinez
Just set up a new Azure subscription, and I'm stumped trying to troubleshoot why I can't ping any local VMware machines from an Azure VM after successfully setting up an IPSec Site-To-Site VPN.
I am doing this as a learning exercise to set up a home lab, and to work on my crappy networking skills :(
I have the following setup:
- ESXi server with a VM (Portal) on the vlan50 network
- Managed switch with vlan50 tagging
- pfSense router with 192.168.20.1/24 address on vlan50
- A working IPSec tunnel from my lab 192.168.20.0/24 to Azure virtual network 192.168.50.0/24
So for testing I created 1 VM in the on-prem lab, and 1 VM in Azure:
- On-prem VM [Portal] - 192.168.20.2 vlan50
- Azure VM [TestVM] - 192.168.50.100 (no vlan)
From the Portal server, I can ping the local gateway 192.168.20.1.
From the pfSense, I can ping the Azure VM.
And from the Azure server, I can ping the 192.168.20.1 interface.
Ping from Azure to pfSense interface, not enough reputation :(
However, the VMs cannot see/ping each other. I cannot understand this. I added rules in both IPSec & the vlan50 to allow all access to each subnet. I have a feeling my issue is either a firewall rule, or a vlan tag?
Here are some interesting things I'm noticing while troubleshooting:
- I don't see any ICMP traffic on the vlan50 interface when successfully pinging from pfSense to AzureVM
- When (unsuccessfully) pinging from AzureVM to Portal box, I see unanswered ICMP requests from 192.168.50.100 when listening on pfSense box on the vlan50 interface
I also created a very crude network outline with screenshots of the configuration I have setup: Crude Network layout
1 Answer
Doh! I found the answer was the fact that my Portal machine that's on-premise has multiple NICs, and the default gateway doesn't know that route. I added a static gateway and was able to successfully ping each machine.
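The multi-homed routing failure the answer describes, as an added example that is not part of the original post: a longest-prefix-match lookup over a constructed Linux-style routing table for the Portal VM. Without a specific route, the reply to 192.168.50.100 leaves via the default gateway on the other NIC (hence the unanswered ICMP requests seen on vlan50); a static route via 192.168.20.1 makes the kernel send it back through pfSense. The interface names and the second NIC's gateway 192.168.1.1 are assumptions.

```python
import ipaddress
import re

# Constructed routing table for the multi-homed "Portal" VM, written in `ip route` style
# (assumed Linux). eth0 is the NIC holding the default route; eth1 sits on vlan50 behind
# pfSense. The gateway 192.168.1.1 and the interface names are assumptions, not from the post.
BEFORE = """\
default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
192.168.20.0/24 dev eth1 proto kernel scope link src 192.168.20.2
"""
# The static route the answer adds: send the Azure subnet to pfSense on the vlan50 NIC.
STATIC_ROUTE = "192.168.50.0/24 via 192.168.20.1 dev eth1\n"
AFTER = BEFORE + STATIC_ROUTE

ROUTE_RE = re.compile(r"^(?P<dst>default|\S+)(?: via (?P<gw>\S+))? dev (?P<dev>\S+)")


def parse_routes(text):
    """Parse `ip route`-style lines into (network, gateway-or-None, device) tuples."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue
        dst = "0.0.0.0/0" if m["dst"] == "default" else m["dst"]
        routes.append((ipaddress.ip_network(dst, strict=False), m["gw"], m["dev"]))
    return routes


def lookup(text, destination):
    """Longest-prefix match: the (gateway, device) the kernel would use, or None if no route."""
    dst = ipaddress.ip_address(destination)
    best = None
    for net, gw, dev in parse_routes(text):
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, dev)
    return None if best is None else (best[1], best[2])


def reply_leaves_via_pfsense(text, azure_vm="192.168.50.100", pfsense="192.168.20.1"):
    """True when the ICMP echo reply to the Azure VM would be routed back through pfSense."""
    gw, _dev = lookup(text, azure_vm) or (None, None)
    return gw == pfsense
```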