Microsoft Azure Site to Site IPSEC VPN with TL-R600VPN

2020-10-19 16:23:44 - last edited 2021-04-18 10:48:57
Model: TL-R600VPN  
Hardware Version: V4
Firmware Version: 4.0.4 Build 20200313 Rel.41831

I am trying to set up an IPSEC IKEv1 Site to Site connection between my home and Microsoft Azure. I have been successful in creating the VPN and I can even ping my home computers from Azure but I cannot access my Azure computers from home.

I have searched high and low for comprehensive documentation and I can't seem to find whether I need to create Static Routes or I need to do any other configuration on my TP-Link to make it work. I will try here, before I send the TP-Link back to Amazon for a refund.

 

Azure VNET: 10.0.0.0/16

Home Network: 10.59.0.0/16

 

Local IP of Azure VM: 10.0.0.4 (Pinging from 10.0.0.4 to 10.59.0.10 succeeds)

Local IP of Home VM: 10.59.0.10 (Pinging from 10.59.0.10 to 10.0.0.4 fails)

 

Local IP Address of TP Link Router: 10.59.0.1

WAN IP Address of Azure VPN Gateway:  65.52.129.xxx

WAN IP Address of Home: 185.116.11.xxx

 

What is preventing me from being able to reach Azure from my TL-R600VPN but allowing Azure to reach my TL-R600VPN? Do I need to manually create a static route? If so, what should I set?

1 Accepted Solution
Re:Microsoft Azure Site to Site IPSEC VPN with TL-R600VPN-Solution
2020-10-20 03:30:26 - last edited 2021-04-18 10:48:57

Dear @liamfoneill,

 

I have been successful in creating the VPN and I can even ping my home computers from Azure but I cannot access my Azure computers from home.

Local IP of Azure VM: 10.0.0.4 (Pinging from 10.0.0.4 to 10.59.0.10 succeeds)

Local IP of Home VM: 10.59.0.10 (Pinging from 10.59.0.10 to 10.0.0.4 fails)

 

If you can ping the home computers from Azure BUT cannot ping Azure computers from home, it indicates that the home computers receive and respond to the ping requests but Azure does not seem to respond. Communication is bidirectional, so it's suggested to check the firewall settings on Azure first and ensure it's allowed to respond to the requests.

Besides, you may ping Azure from the home computers (not from the router's web UI).

 

WAN IP Address of Azure VPN Gateway:  65.52.129.xxx

WAN IP Address of Home: 185.116.11.xxx

 

To confirm, is the WAN IP Address of Home wrongly typed here, or do you have two WAN connections on the TL-R600VPN router?

From the IPSec SA list, it seems that the tunnel between 65.52.129.xxx and 100.66.0.xxx (rather than 185.116.11.xxx) has been established.

 

Re:Microsoft Azure Site to Site IPSEC VPN with TL-R600VPN
2020-10-20 08:44:22 - last edited 2021-04-18 10:48:57

@Fae thank you! You were right - it was actually the Network Security Group in Azure not allowing ICMP Ping. Once I allowed that through it all started working.

 

I think I was a little confused as I was expecting to see a Route to the 10.0.0.0/16 in the Router Static Routes page but it all seems to work now anyhow :D

 

Thanks again.
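The cause confirmed in this thread, a Network Security Group that did not admit ICMP into the Azure subnet, can be reasoned about offline by modelling inbound rule evaluation (lowest priority number first, first match wins). This is an added example, not part of the original posts; the rule names, priorities and the 203.0.113.7 test source are constructed, and only the 10.0.0.0/16 and 10.59.0.0/16 prefixes and the two host addresses come from the thread.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # lower number is evaluated first
    protocol: str      # "Icmp", "Tcp", "Udp" or "*"
    source: str        # CIDR prefix
    destination: str   # CIDR prefix
    access: str        # "Allow" or "Deny"

def evaluate(rules, protocol, src, dst):
    """Return (access, rule name) for the first inbound rule matching the packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in sorted(rules, key=lambda r: r.priority):
        if (r.protocol in ("*", protocol)
                and s in ipaddress.ip_network(r.source)
                and d in ipaddress.ip_network(r.destination)):
            return r.access, r.name
    return "Deny", "(no matching rule)"

# Constructed inbound rule set for the Azure subnet (hypothetical names/priorities)
BEFORE = [
    Rule("AllowTcpFromHome", 100, "Tcp", "10.59.0.0/16", "10.0.0.0/16", "Allow"),
    Rule("DenyOtherInbound", 4000, "*", "0.0.0.0/0", "0.0.0.0/0", "Deny"),
]
# The fix: admit ICMP only from the home prefix rather than from any source
AFTER = BEFORE + [
    Rule("AllowIcmpFromHome", 200, "Icmp", "10.59.0.0/16", "10.0.0.0/16", "Allow"),
]

def check(rules):
    """Evaluate the thread's failing ping and an unrelated external ping."""
    return {
        "home_ping": evaluate(rules, "Icmp", "10.59.0.10", "10.0.0.4"),
        "internet_ping": evaluate(rules, "Icmp", "203.0.113.7", "10.0.0.4"),
    }

if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        print(label, check(rules))
```

Pings started from 10.0.0.4 worked throughout because NSGs are stateful: the reply to a flow initiated outbound is admitted without an inbound rule, which is why the failure appeared in one direction only.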