VeeamON 2021: Free Online Conference - Register Now VeeamON 2021: Free Online Conference - Register Now

Troubleshooting Azure VPNs

Cloud Hero Azure

In today’s Ask the Admin, I’ll show you how to enable VPN gateway diagnostics and download the resulting logs from Azure storage.

A site-to-site VPN enables you to securely connect your on-premise network to the Azure cloud, enabling users to seamlessly access Azure resources or extend existing systems into the cloud, or a VNET-to-VNET VPN connects two or more Azure virtual networks. For more information on configuring VNET-to-VNET VPNs, see Deploying VNet-to-VNet VPNs in Azure on the Petri IT Knowledgebase.

In principle, VPNs are not difficult to configure in Azure but can be prone to errors, especially in the case of site-to-site VPNs, where you’re connecting to a local VPN device. If you’re thinking of utilizing this kind of VPN, I’d recommend purchasing an Azure support plan because you can only take debugging problems so far without full access to the VPN device on the Azure side. Nevertheless, logging can be enabled to help troubleshoot issues if you can’t connect to an Azure VPN gateway. Don’t forget that the logs on a local VPN device might also give some useful troubleshooting clues.

Before getting started, you’ll need to make sure you have the PowerShell module for Azure installed on your management PC, and a connection to your subscription configured. For details on how to set up PowerShell management, see Setup Windows Azure PowerShell Management on Petri.

Enable VPN gateway diagnostics

Start by opening a PowerShell prompt, and if you haven’t already done so, use the Set-AzureSubscription cmdlet to configure PowerShell to use your Azure subscription and selected storage account, replacing Pay-As-You-Go with the name of your Azure subscription, and mystorageaccount with the name of the storage account you want to work with:

Azure writes the diagnostic logs to an Azure storage account. To enable this functionality, we need to provide the Start-AzureVNetGatewayDiagnostics cmdlet with the storage account context. Below we’ll set the storage context ready for the Start-AzureVNetGatewayDiagnostics cmdlet to use:

Now let’s set the name of the Azure virtual network we want to monitor and the capture duration in seconds:

Finally, we can start diagnostics:

Download the logs from Azure storage

Once the capture has completed, you’ll need to download the log from Azure storage and save the contents to a local file:

Now open the vpnlog.txt file to view the log.

Related Topics:

  • Microsoft Azure

    Don't have a login but want to join the conversation? Sign up for a Petri Account

    Comments (0)

    Leave a Reply

    IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.

    More Articles by Russell Smith

    Free Online Conference - May 25th and 26th

    VeeamON 2021: Free Online Conference

    Join us to gain your professional edge with technical and visionary learning from the brightest minds in IT at the definitive conference for Modern Data Protection.

    Register Now

    Sponsored By