- I have created a Virtual Network Connection (policy based) in Azure.
- I have created a Connection for Site-to-Site (IPsec) which connects to VMWare-snx.
- Connection status is "Connecting". (Also, connecting status is OK from the VMWare SNX side.)
- I have a VM in a subnet. Both subnets are part of one VNet.

Test: I try to ping or RDP to a VM on the VMWare side, but do not have a connection.
Q: Did I understand correctly that I should automatically have a connection from all subnets in the VNet? Is no routing needed between the Gateway Subnet and the others?
Q: Is there any way to troubleshoot whether a ping passed through the Azure VPN? Does Azure Monitor tell anything?
Instructions followed: https://vzerotohero.com/2017/03/step-by-step-deploy-vmware-nsx-with-microsoft-azure-ipsec-vpn-site-to-site/
You can find out how to test your VPN here, especially troubleshooting using Azure Network Watcher. When establishing an S2S VPN, all of the routes are created automatically in the VNet where your Virtual Network Gateway lives, according to your Local Network Gateway and your device VMWare-snx. To make sure that you have routes between Azure and your on-premises network, you can see the Effective Routes for your VM's NIC. Finally, the status of your VPN connection must be Connected and not Connecting; you can see details about VPN devices and IPsec/IKE parameters for Site-to-Site VPN Gateway connections.
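
The two checks from the answer above (connection status and the effective routes on the VM's NIC), combined into one script. This is an added example and not part of the original answer. It assumes the JSON shape printed by `az network nic show-effective-route-table` and the status string from `az network vpn-connection show --query connectionStatus`; the route table, prefixes and IP addresses are constructed sample values.

```python
import ipaddress
import json

# Constructed sample shaped like effective-route-table output (assumed field names:
# addressPrefix, nextHopType, source, state). 192.168.10.0/24 stands in for the
# on-premises prefix configured on the Local Network Gateway.
SAMPLE_ROUTES = json.loads("""
{"value": [
  {"addressPrefix": ["10.1.0.0/16"], "nextHopType": "VnetLocal",
   "source": "Default", "state": "Active"},
  {"addressPrefix": ["192.168.10.0/24"], "nextHopType": "VirtualNetworkGateway",
   "source": "VirtualNetworkGateway", "state": "Active"},
  {"addressPrefix": ["0.0.0.0/0"], "nextHopType": "Internet",
   "source": "Default", "state": "Active"}
]}
""")


def effective_next_hop(routes, dest_ip):
    """Return (prefix, nextHopType) of the active route with the longest matching prefix.

    Simplification: ties between routes of equal prefix length are not resolved here.
    """
    dest = ipaddress.ip_address(dest_ip)
    best = None
    for route in routes.get("value", []):
        if route.get("state") != "Active":
            continue  # invalid/overridden routes do not carry traffic
        for prefix in route.get("addressPrefix", []):
            net = ipaddress.ip_network(prefix, strict=False)
            if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, route.get("nextHopType"))
    return (str(best[0]), best[1]) if best else (None, None)


def diagnose(connection_status, routes, onprem_ip):
    """Return a list of problems; an empty list means both checks pass."""
    findings = []
    if connection_status != "Connected":
        findings.append(f"tunnel is '{connection_status}', not 'Connected'")
    prefix, hop = effective_next_hop(routes, onprem_ip)
    if hop != "VirtualNetworkGateway":
        findings.append(f"{onprem_ip} matches {prefix} via {hop}, not the VPN gateway")
    return findings


if __name__ == "__main__":
    # The situation in the question: route present, tunnel still "Connecting".
    for line in diagnose("Connecting", SAMPLE_ROUTES, "192.168.10.20") or ["ok"]:
        print(line)
```

With the sample data the route to the on-premises VM is present, so the only finding is the tunnel status, which matches the answer's point that the connection must be Connected before any traffic passes.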