SOLVED

How to connect two VM's on Azure?

%3CLINGO-SUB%20id%3D%22lingo-sub-87581%22%20slang%3D%22en-US%22%3EHow%20to%20connect%20two%20VM's%20on%20Azure%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-87581%22%20slang%3D%22en-US%22%3E%3CP%3EDear%20Memebrs%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EI%20have%20the%20following%20setup%20in%20Azure%20Cloud%3A%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%3E(CentOS-trust%20VM)%20-------(10.0.2.0%2F24)----PA-Vm------(10.0.1.024)-----(CentOS-Untrust%20VM)%3C%2FSPAN%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAll%20VM's%20have%20a%20seperate%20Mgmt%20Network%20with%20Public%20IP%20address's.%20When%20i%20try%20to%20ping%20from%20CentOS-Trust%20VM%20to%20CentOS-Untrust-VM%20what%20i%20should%20see%20is%20a%20session%20(or%20atleast%20packet%20counters)%20on%20PA-VM.%20BUt%20the%20ping%20works%20and%20there%20is%20no%20packet%20capture(any%20bytes%2Fpackets%20received)%20on%20the%20firewall%20(PA-VM).%20I%20think%20it%20is%20going%20via%20Mgmt%3F...am%20i%20correct..%3F%20is%20there%20any%20method%20cia%20which%20i%20can%20achieve%20my%20objective%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-87581%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ENetworking%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EVirtual%20Network%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-91376%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20connect%20two%20VM's%20on%20Azure%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-91376%22%20slang%3D%22en-US%22%3EGlad%20to%20hear%20it%2C%20but%20that%20should%20not%20have%20been%20necessary.%20If%20you%20want%20to%20insure%20best%20practice%2C%20feel%20free%20to%20provide%20more%20information%20and%20we%20will%20make%20sure%20you%20are%20on%20track%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-91374%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20connect%20two%20VM's%20on%20Azure%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-91374%22%20slang%3D%22en-US%22%3E%3CP%3EDear%20Members%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%20so%20much%20for%20replying%2C%20i%20have%20managed%20to%20connected%20them%2C%20just%20needed%20a%20route%20with%20Virtual%20Machine%20as%20Next%20hop....%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-91350%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20connect%20two%20VM's%20on%20Azure%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-91350%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20we%20know%20the%20address%20space%20of%20the%20VNET%20so%20we%20can%20assist%20with%20a%20better%20anzwer.%20If%20both%20are%20in%20the%20same%20VNET%20then%20ping%20should%20work%20unless%20you%20modified%20the%20NSG%20default%20rules.%20As%20Kent%20mentioned%20the%20VMs%20stayed%20at%20two%20diferent%20VNETs%20then%20we%20have%20to%20create%20VNET%20peering%20withe%20each%20other.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYou%20can%20use%20Network%20watcher%20service%20to%20verify%20the%20network%20conectivity%20troubleshoting%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fnetwork-watcher%2Fnetwork-watcher-monitoring-overview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fnetwork-watcher%2Fnetwork-watcher-monitoring-overview%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-89517%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20connect%20two%20VM's%20on%20Azure%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-89517%22%20slang%3D%22en-US%22%3E%3CP%3EDo%20you%20mean%20that%20Ping%20does%20not%20work%20%3F%3C%2FP%3E%3CP%3Ei%20notice%20that%20both%20VM's%20have%20a%2010.x.x.x%2F24%20would%20they%20happen%20to%20be%20in%20the%20same%20VNET%2010.0.0.0%2F8%20or%20%2F16%20%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EUnless%20you%20configured%20DNS%20for%20the%20public%20facing%20MGMT%20ip's%20then%20no%2C%20they%20would%20never%20use%20that%20address%2C%20but%20if%20they%20are%20on%20each%20thier%20own%20VNET%2C%20then%20you%20have%20to%20enable%20peering%20or%20VPN%20between%20the%202%20sites%2C%20but%20here%20you%20may%20have%20overlapping%20VNET's.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eperhaps%20you%20could%20provide%20some%20screen%20dumps%2C%20VNET%20and%20NIC's%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOn%20a%20side%20note%2C%20if%20you%20must%20use%20public%20facing%20ip's%20(VPN%20would%20be%20better)%20then%20remeber%20to%20use%20strict%20NSG's%20to%20prevent%20unwanted%20attacks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1133070%22%20slang%3D%22en-US%22%3EVMs%20in%202%20subnets%20not%20able%20to%20ping%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1133070%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F43428%22%20target%3D%22_blank%22%3E%40Kent%20Gaardmand%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%20%2C%3C%2FP%3E%3CP%3EI%20am%20in%20a%20situation%20where%20I%20have%20created%202%20Virtual%20Machines%20associated%20with%202%20different%20sub%20nets%20in%20a%20Virtual%20Network.%26nbsp%3B%20When%20I%20try%20to%20ping%20the%20VMs%20form%20each%20other%20its%20getting%20times%20out.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20guide%20me%20how%20to%20solve%20this%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

Dear Memebrs;

 

I have the following setup in Azure Cloud: 

(CentOS-trust VM) -------(10.0.2.0/24)----PA-Vm------(10.0.1.024)-----(CentOS-Untrust VM) 

 

All VM's have a seperate Mgmt Network with Public IP address's. When i try to ping from CentOS-Trust VM to CentOS-Untrust-VM what i should see is a session (or atleast packet counters) on PA-VM. BUt the ping works and there is no packet capture(any bytes/packets received) on the firewall (PA-VM). I think it is going via Mgmt?...am i correct..? is there any method cia which i can achieve my objective?

 

5 Replies
Highlighted
Best Response confirmed by Muhammad Ausaf Ali Yousaf (New Contributor)
Solution

Do you mean that Ping does not work ?

i notice that both VM's have a 10.x.x.x/24 would they happen to be in the same VNET 10.0.0.0/8 or /16 ?

 

Unless you configured DNS for the public facing MGMT ip's then no, they would never use that address, but if they are on each thier own VNET, then you have to enable peering or VPN between the 2 sites, but here you may have overlapping VNET's.

 

perhaps you could provide some screen dumps, VNET and NIC's

 

On a side note, if you must use public facing ip's (VPN would be better) then remeber to use strict NSG's to prevent unwanted attacks.

Highlighted

Hi,

 

Can we know the address space of the VNET so we can assist with a better anzwer. If both are in the same VNET then ping should work unless you modified the NSG default rules. As Kent mentioned the VMs stayed at two diferent VNETs then we have to create VNET peering withe each other.

 

You can use Network watcher service to verify the network conectivity troubleshoting 

 

https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview

 

Thanks

Highlighted

Dear Members;

 

Thank you so much for replying, i have managed to connected them, just needed a route with Virtual Machine as Next hop....

Highlighted
Glad to hear it, but that should not have been necessary. If you want to insure best practice, feel free to provide more information and we will make sure you are on track
Highlighted

@Kent Gaardmand 

 

Hi ,

I am in a situation where I have created 2 Virtual Machines associated with 2 different sub nets in a Virtual Network.  When I try to ping the VMs form each other its getting times out.

 

Please guide me how to solve this