
I'm currently having some issues with connecting the VPN to my Vnet properly.

The Virtual Network is called MGS-vnet with an address space of 10.0.0.0/8.

It contains 2 subnets:

  1. default with an address range of 10.0.0.0/16
  2. GatewaySubnet with an address range of 10.1.0.0/16

I then have a Virtual Network Gateway, aptly named VPN.

Under MGS-vnet there is a VM called MGSServ1, which is connected by a network interface mgsserv1261 and assigned the IP address 10.0.0.4.

The issue is that I can't get the VPN to communicate with MGSServ1. I've attempted some different netmasks, since I noticed that might've been the issue, so I changed the address space to 10.0.0.0/8, which is now my current configuration. I believe this would be the correct configuration, but that address space means I cannot specify an address range on the Point-To-Site that isn't already reserved.

Failed to save virtual network gateway 'VPN'. Error: The virtual network gateway's VPN client address pool overlaps with the virtual network's address space. The overlapping address space prefixes are 10.0.0.0/8 and 10.1.0.0/24.

Hope you can advise where the issue is in creating this connection between the VPN and the VM.

I've also attempted creating a Route Table between the IP range of the VPN and the specific VM; I was unable to get that working and am not sure if I should proceed with that solution.

Network Diagram


kasperd
MSL

1 Answer

The issue is stated in the error message you provided: "The overlapping address space prefixes are 10.0.0.0/8 and 10.1.0.0/24." Your Point-To-Site (P2S) address space cannot be in the VNet address space. Easy fix: change the P2S address space to something else, like 192.168.0.0/24; that should work.

The question is, do you need all the hosts in a /8 or /16? Because you are bound to run into lots of overlapping issues.

If you really need all the hosts, recommendation:

Configure MGS-vnet to 10.0.0.0/16

Default Subnet to 10.0.0.0/24 --You can add more subnets as needed

GateWay Subnet to 10.0.255.248/29 --Smallest subnet possible /29

If not, keep it simple, recommendation:

Configure MGS-vnet to 10.0.0.0/24

Default Subnet to 10.0.0.0/26

GateWay Subnet to 10.0.0.248/29 --Smallest subnet possible /29

Good Luck.......

Hannel
  • I actually figured out that this was a non-issue: if I returned to my previous setup and had the IP addresses separate, it could still connect. The reasoning behind this was me testing for a shared drive to see if the connection was there. I also tried to ping the IP, which was not sufficient. If I connected through RDP to the internal IP address, I could access the VM. The issue was then port-blocking issues with port 445, since I could not see the shared drives. – MSL Nov 01 '18 at 11:13
  • A port query tool should help you identify port blocking issues. As for 445, the SMB port, it is blocked by almost all ISPs and work networks. [https://support.microsoft.com/en-us/help/3185535/guidelines-for-blocking-specific-firewall-ports-to-prevent-smb-traffic](https://support.microsoft.com/en-us/help/3185535/guidelines-for-blocking-specific-firewall-ports-to-prevent-smb-traffic) – Hannel Nov 01 '18 at 18:42
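
The overlap rule behind the error message can be checked offline before saving a gateway configuration. The following is an added example, not code from the question or the answer; the function name `check_plan` and the plan layout are assumptions, and it only does prefix arithmetic on the address ranges quoted in this thread.

```python
import ipaddress

def check_plan(vnet_space, subnets, p2s_pool):
    """Return a list of problems in a VNet / P2S addressing plan (empty list = OK)."""
    vnet = [ipaddress.ip_network(p) for p in vnet_space]
    pool = ipaddress.ip_network(p2s_pool)
    nets = {name: ipaddress.ip_network(p) for name, p in subnets.items()}
    problems = []
    # The P2S client pool must not overlap any VNet address prefix.
    for v in vnet:
        if pool.overlaps(v):
            problems.append(f"P2S pool {pool} overlaps VNet prefix {v}")
    # Every subnet must sit inside the VNet address space.
    for name, n in nets.items():
        if not any(n.subnet_of(v) for v in vnet):
            problems.append(f"subnet {name} {n} is outside the VNet address space")
    # Subnets must not overlap each other.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"subnets {a} and {b} overlap")
    return problems

# Plan from the question: the pool 10.1.0.0/24 falls inside 10.0.0.0/8.
QUESTION_PLAN = dict(
    vnet_space=["10.0.0.0/8"],
    subnets={"default": "10.0.0.0/16", "GatewaySubnet": "10.1.0.0/16"},
    p2s_pool="10.1.0.0/24",
)
# First recommendation from the answer, with the suggested 192.168.0.0/24 pool.
ANSWER_PLAN = dict(
    vnet_space=["10.0.0.0/16"],
    subnets={"default": "10.0.0.0/24", "GatewaySubnet": "10.0.255.248/29"},
    p2s_pool="192.168.0.0/24",
)

if __name__ == "__main__":
    for label, plan in (("question", QUESTION_PLAN), ("answer", ANSWER_PLAN)):
        print(label, check_plan(**plan) or "no overlaps found")
```
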