Forum Discussion
AB21805
May 11, 2021
Bronze Contributor
Can only remote into Azure VM from DC
Hi all,
I have set up a site-to-site connection from on-prem to Azure and I can remote in via the main DC on-prem, but not from any other server, nor can I ping Azure from any other server. Why can I only remote into the Azure VM from the server that has Routing and Remote Access? Any ideas on how I can fix this?
2 Replies
- Medaliilop, Iron Contributor
RRAS is configured on the main DC to handle VPN traffic, but it may not be forwarding or routing traffic correctly to other internal servers. Other servers may lack proper routing or firewall rules that allow inbound/outbound traffic to/from Azure. The Azure VM's network security groups (NSGs) might be blocking traffic from your internal network.
Please try the fixes below:
1. Check Azure NSG rules
- Go to the VM’s NSG and confirm it allows inbound RDP from your full on-prem subnet (e.g., 10.0.0.0/16), not just the DC’s IP.
2. Verify VPN configuration
- Ensure the local network gateway in Azure includes the full on-prem subnet range.
- Confirm the VPN gateway is connected and routing correctly.
3. Add static routes on other servers
- On each server that cannot reach Azure, run:
    route add <Azure subnet> mask <subnet mask> <RRAS server IP>
4. Enable IP forwarding on RRAS
- Make sure RRAS is configured to forward packets between networks.
- Check that NAT or firewall rules aren’t blocking traffic.
5. Use internal routing or redistribute routes
- If you have an internal router or Layer 3 switch, redistribute the Azure route from RRAS to your internal network.
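
The route check and fix from step 3, followed by an RDP reachability test, written as a PowerShell script to run on an on-prem server that cannot reach the Azure VM. This is an added example, not part of the reply above; the three addresses are constructed placeholders to replace with your own Azure address space, VM private IP and RRAS server LAN IP.

```powershell
#Requires -RunAsAdministrator
# Added example. All addresses are constructed placeholders (assumptions).
param(
    [string]$AzurePrefix = '10.1.0.0/16',   # Azure VNet address space (assumed)
    [string]$AzureVmIp   = '10.1.0.4',      # private IP of the Azure VM (assumed)
    [string]$RrasIp      = '10.0.0.10'      # LAN IP of the RRAS server (assumed)
)

# Return the route Windows would pick for a destination.
# Find-NetRoute emits a source-address object and a route object; keep the route.
function Get-SelectedRoute([string]$Destination) {
    Find-NetRoute -RemoteIPAddress $Destination |
        Where-Object { $_.PSObject.Properties['NextHop'] } |
        Select-Object -First 1
}

$current = Get-SelectedRoute $AzureVmIp
'Route chosen for {0}: {1} via {2}' -f $AzureVmIp, $current.DestinationPrefix, $current.NextHop

if ($current.NextHop -ne $RrasIp) {
    # Traffic leaves through another gateway, so it never enters the VPN tunnel.
    $toRras = Get-SelectedRoute $RrasIp
    if ($toRras.NextHop -ne '0.0.0.0') {
        # RRAS server is not on the local segment; a host route cannot point at it.
        throw "RRAS server $RrasIp is not on-link; add the route on the internal router instead (step 5)."
    }
    # New-NetRoute writes to the active and persistent stores by default,
    # so the route survives a reboot (like 'route add -p').
    New-NetRoute -DestinationPrefix $AzurePrefix `
                 -InterfaceIndex $toRras.InterfaceIndex `
                 -NextHop $RrasIp | Out-Null
    "Added route $AzurePrefix via $RrasIp"
}

# Confirm the path end to end on the RDP port rather than relying on ping,
# which the VM's firewall may block independently.
$test = Test-NetConnection -ComputerName $AzureVmIp -Port 3389 -WarningAction SilentlyContinue
if ($test.TcpTestSucceeded) {
    "RDP (3389) to $AzureVmIp is reachable from $env:COMPUTERNAME"
} else {
    # Local routing is now correct, so the block is further along the path.
    "RDP still blocked: check the NSG source range (step 1), the local network " +
    "gateway address space (step 2) and RRAS forwarding (step 4)."
}
```

If the test still fails after the route is in place, running `Get-NetIPInterface -AddressFamily IPv4 | Select-Object InterfaceAlias, Forwarding` on the RRAS server shows whether forwarding is enabled on its interfaces.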