Thank you for the advice and rundown on cloud network infra. I suspect there is an underlying issue. I had used a VHDX appliance image with a very basic base config that only had an internal IP address and admin password, then it was shifted into Azure. This was because we have existing infra in the Azure tenant, and the Azure PCS appliance doesn't have the ability to integrate into an existing vnet - it must create its own one. We didn't want the additional networking / administration overhead of another resource group/vnet etc.

The problem is that there is no option System >> Network >> VPN tunneling >> Source NAT. There is only the IP address filter and VPN Tunnel Server IP address. I presume the option is currently hidden? Reviewing the URL (and only upon clicking VPN tunneling again), it mentions SNAT:

https://172.16.xx.xx/dana-admin/network/nc_ip_filter.cgi?snat_on_cloud=0&cmbClusterSelector=localhost2&snatdisplay=0&base_ip=10.200.200.200&name=

Changing snat_on_cloud=0, snatdisplay=0 to snat_on_cloud=1, snatdisplay=1 does not make a difference. I have looked into the administrator guide for PCS and it doesn't mention Source NAT anywhere; I do notice it is mentioned in the Azure guide. Can we enable the option to choose SNAT? I'm running 9.1R13 (build 15339)

Hi, I'm not sure what's going on but I suspect there may be something to do with Azure's way of processing ARP which is causing me problems. I am trying to get communication between dial-in SSL VPN (Pulse Secure VPN client) client into Azure.

Problem: No communication between VPN client network and VMs in Azure within the same subnet

About environment
- Azure
- VM is in subnet1
- PCS internal is in subnet1
- PCS external has static public IP and in subnet2
- PCS VPN policy allows all traffic in subnet1, and split tunneling is enabled
- PCS VPN subnet to client is in the same subnet as Subnet1 (tried using a different subnet range and no difference)
- I can access PCS from VM and configure via ssh / https

I'm confident I've configured the policies for this to work.

Can:
1. Ping from the PCS server on subnet1 to the VM private IP address and vice versa.
2. Ping the PCS server from the VPN client's NIC and vice versa (Note: drops every first ICMP request, sends a second and gets a response)

Cannot:
1. Get a correct ARP response in the VPN client's NIC - ARP request presumably delivered by Azure and it does not give the correct MAC address to the desired host.
2. Because of 1., there is no ICMP traffic directed to the destined VM, and no Remote Desktop connection.

The goal: get RDP access to VM in Azure using Pulse VPN client

Any advice or suggestions would be appreciated.