Azure BOVPN Ping Only Working One Way
Hi All,
I'm having trouble with a BOVPN Interface and Azure. I'm unable to ping (or anything for that matter) from my LAN to Azure VMs, but can the other way with no issues. Has anyone experienced the same thing? The traffic monitor shows that traffic is allowed and seems to be going through the external interface using the BOVPN-Allowed policy.
Thanks
Comments
Hi @goscadmin
If the firewall is showing allow logs for that traffic, it's likely passing. Have you checked any firewall policies on the machines themselves?
Some group policy templates, for example, forbid responding to pings on subnets that aren't the one the PC/server is on. The traffic may be getting to the destination but is ignored by the destination host.
-James Carson
WatchGuard Customer Support
Hi James,
I've been having a play around with the settings since my original post and found that it works fine if I configure the VPN as a BO gateway and tunnel. It doesn't work if I set up a BOVPN Virtual Interface. As that's the case, I'm assuming at this point that this must be a VPN thing rather than a restriction on either network or on any host. Any ideas as to why it works as a gateway and not virtual interface?
Thanks
Depends how you have configured the VPN in Azure, if:
Route based = then WG Virtual Interface config
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/bovpn/manual/bovpn_vif_static_routing_azure.html
Policy based = the WG GW & Tunnel config.
https://techsearch.watchguard.com/KB/?type=KBArticle&SFDCID=kA2F00000000LI7KAM&lang=en_US
In Azure, check VPN type & SKU:
https://www.screencast.com/t/QH59Qw0V
The recommended way is the route based (Azure) / BOVPN Virtual Interface (WG) configuration.
Many thanks for this. I've just tried to set up a Route Based VPN (based on the documentation) and I'm getting the same issue where the connection is live, but ping is only working one way (Azure to LAN). Policy Based works absolutely fine with no issues.
Any advice? Thanks
How have you configured the SKU, Gateway type and VPN type in the Azure VPN Gateway?
See example: https://www.screencast.com/t/kgFRCznp
Yes, I did. I've decided to go back to Policy Based as it's working and I'll look into why it's not at another date.
Many thanks for your help.