Connectivity to Azure services problem

I have deployed a Peplink B One on a fixed line FTTP circuit to an initial PoC site for a potential customer.

The customer requires an IPSec VPN from the B One to their Azure network.

The IPSec VPN establishes with the Azure gateway and there is 2-way communication, however there seems to be an issue with DNS and access to the customer Sharepoint that are both in Azure.

Although client devices connected to the B One can ping the private DNS and Sharepoint server IPs across the IPSec VPN, and vice-versa, there are very few DNS responses from the DNS server to client requests and client attempts to connect to their Sharepoint service all fail.

Any suggestions that might help would be very much appreciated.

Hi, @Mark_Abbott-Banner12

Crazy idea…
Build a raspberry pi with bind and replicate the Azure DNS at Raspberry?
Leave Raspberry at same location of B-ONE?

Other crazy idea…
Have you tried DNS Forwarding?

Thanks Marcelo,

I did look at this setting, and may try it in desperation, however I’m not sure how this would change things?

The customer is using the untagged LAN configured with a 10.x.x.x/24 subnet configured on it and this VLAN has their DNS servers configured. These are in another 10.x.x.x subnet.

The local LAN subnet is configured as the local network in the IPSec VPN, which is configured on the Peplink, and the customer’s servers are in the subnet specified as the remote network.

When I check the traffic I can see DNS requests from client devices being sent with the destination IP of the primary DNS server.

Client devices can ping the DNS server and Sharepoint server IP across the IPSec VPN.

When I packet capture, I can see the ICMP requests and replies.

While ping to the server IP addresses does work, and I can see loads of DNS requests to the DNS server IP, only very occasionally do I see a DNS response received from the DNS server.

Many thanks,

Mark
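A way to quantify the symptom described above (many DNS requests leaving the LAN, only occasional responses coming back over the tunnel) is to pair each query with its response in a packet capture and compute a per-server response ratio. The script below is an added example, not code from the thread or from Peplink: it parses tcpdump's text output for UDP/53 traffic and reports which DNS server is failing to answer. The capture lines and all addresses in it are constructed for illustration (10.10.10.0/24 stands in for the LAN behind the B One, 10.20.20.5 for the DNS server in Azure, 10.30.30.5 for the head-office DNS server).

```python
import re
from collections import defaultdict

# Constructed sample in tcpdump's text format; not a capture from the thread.
# Hypothetical addresses: 10.10.10.0/24 is the LAN behind the B One,
# 10.20.20.5 stands in for the Azure DNS server, 10.30.30.5 for the head-office one.
SAMPLE_CAPTURE = """\
10:01:01.000 IP 10.10.10.21.51001 > 10.20.20.5.53: 1001+ A? sharepoint.example.internal. (45)
10:01:01.050 IP 10.10.10.21.51002 > 10.20.20.5.53: 1002+ A? sharepoint.example.internal. (45)
10:01:01.100 IP 10.10.10.22.51003 > 10.20.20.5.53: 1003+ A? mail.example.internal. (39)
10:01:01.150 IP 10.20.20.5.53 > 10.10.10.22.51003: 1003 1/0/0 A 10.20.20.40 (55)
10:01:01.200 IP 10.10.10.23.51004 > 10.20.20.5.53: 1004+ A? sharepoint.example.internal. (45)
10:01:02.000 IP 10.10.10.21.51005 > 10.30.30.5.53: 1005+ A? mail.example.internal. (39)
10:01:02.040 IP 10.30.30.5.53 > 10.10.10.21.51005: 1005 1/0/0 A 10.20.20.40 (55)
10:01:02.100 IP 10.10.10.22.51006 > 10.30.30.5.53: 1006+ A? intranet.example.internal. (43)
10:01:02.140 IP 10.30.30.5.53 > 10.10.10.22.51006: 1006 1/0/0 A 10.30.30.50 (59)
"""

# tcpdump DNS line: "<ts> IP <src>.<sport> > <dst>.<dport>: <txid>[+] <rest>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<txid>\d+)(?P<rd>\+?) (?P<rest>.*)$"
)
QNAME_RE = re.compile(r"\b[A-Z]+\? (\S+)")  # e.g. "A? sharepoint.example.internal."


def analyse_dns_capture(text, dns_port=53):
    """Pair DNS queries with responses, per server.

    Returns {server_ip: {"queries": n, "responses": n,
                         "unanswered": [(client_ip, txid, qname), ...]}}.
    A query is matched to its response by (client ip, client port, server ip,
    transaction id), which is what a resolver itself uses to match them.
    """
    stats = defaultdict(lambda: {"queries": 0, "responses": 0, "unanswered": []})
    pending = {}  # (client, cport, server, txid) -> qname, awaiting a response
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a DNS line in the format we parse
        src, sport, dst, dport = m["src"], int(m["sport"]), m["dst"], int(m["dport"])
        txid = int(m["txid"])
        if dport == dns_port:  # client -> server: a query
            qm = QNAME_RE.search(m["rest"])
            stats[dst]["queries"] += 1
            pending[(src, sport, dst, txid)] = qm.group(1) if qm else "?"
        elif sport == dns_port:  # server -> client: a response
            key = (dst, dport, src, txid)
            if key in pending:  # only count responses that match a seen query
                stats[src]["responses"] += 1
                del pending[key]
    for (client, _cport, server, txid), qname in pending.items():
        stats[server]["unanswered"].append((client, txid, qname))
    return dict(stats)


def flag_unresponsive(stats, min_ratio=0.5):
    """Servers whose response/query ratio is below min_ratio, i.e. ones that
    only answer occasionally, which is the symptom being chased in the thread."""
    return sorted(
        server for server, s in stats.items()
        if s["queries"] and s["responses"] / s["queries"] < min_ratio
    )


if __name__ == "__main__":
    result = analyse_dns_capture(SAMPLE_CAPTURE)
    for server, s in sorted(result.items()):
        print(f"{server}: {s['queries']} queries, {s['responses']} responses")
        for client, txid, qname in s["unanswered"]:
            print(f"  unanswered txid {txid} from {client}: {qname}")
    print("suspect servers:", flag_unresponsive(result))
```

Feed it real output from a capture taken on the Peplink's LAN side (`tcpdump -n port 53` style text) and compare with a capture on the tunnel side: if the queries are visible leaving the tunnel but the responses for the Azure server never arrive, the drop is on the far side, which matches the suspicion in the thread that something in the Azure environment is blocking the return path.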

Just one thing to add, I did configure a second IPSec VPN to the customer’s head office, which also has a DNS server running, but this is on physical devices, not in the Azure environment.

The DNS requests to this server get successful responses, however the customer advised me that their network is configured so the Sharepoint servers cannot be accessed by going through the head office, so I need to get the connectivity with the DNS service in Azure to work.

Personally I think something is preventing the return responses, but I have no real experience with Azure and no visibility of it as this is the customer’s own environment.

Thank you for your suggestions so far.

Ping works? Do they have a route for this network?
Do they have a firewall, and did they add a rule to allow the new network?