Troubleshoot Azure VPN Gateway
VPN Gateway connections can fail for a variety of reasons. Although a network engineer will be able to troubleshoot many connectivity issues from experience, the following Microsoft documentation provides help and guidance for resolving many common problems.
Validate VPN throughput to a VNet
A VPN gateway connection enables you to establish secure, cross-premises connectivity between your Virtual Network within Azure and your on-premises IT infrastructure. This article shows how to validate network throughput from the on-premises resources to an Azure virtual machine (VM). It also provides troubleshooting guidance. See Validate VPN throughput to a virtual network - Azure VPN Gateway.
Point-to-Site connections
This article lists common point-to-site connection problems that you might experience. It also discusses possible causes and solutions for these problems. See Troubleshoot Azure point-to-site connection problems - Azure VPN Gateway.
Site-to-Site connections
After you configure a site-to-site VPN connection between an on-premises network and an Azure virtual network, the VPN connection suddenly stops working and cannot be reconnected. This article provides troubleshooting steps to help you resolve this problem. See Troubleshoot an Azure site-to-site VPN connection that cannot connect - Azure VPN Gateway.
VPN and Firewall device settings
This article provides several suggested solutions for third-party VPN or firewall devices that are used with VPN Gateway. Technical support for third-party VPN or firewall devices is provided by the device vendor. See Community-suggested third-party VPN or firewall device settings for Azure VPN Gateway.
Troubleshoot Azure VPN Gateway using diagnostic logs
Using diagnostic logs, you can troubleshoot multiple VPN gateway-related events, including configuration activity, VPN tunnel connectivity, IPsec logging, BGP route exchanges, and point-to-site advanced logging.
There are several diagnostic logs you can use to help troubleshoot a problem with your VPN Gateway.
- GatewayDiagnosticLog: Contains diagnostic logs for gateway configuration events, primary changes, and maintenance events.
- TunnelDiagnosticLog: Contains tunnel state change events. Tunnel connect/disconnect events have a summarized reason for the state change if applicable.
- RouteDiagnosticLog: Logs changes to static routes and BGP events that occur on the gateway.
- IKEDiagnosticLog: Logs IKE control messages and events on the gateway.
- P2SDiagnosticLog: Logs point-to-site control messages and events on the gateway.
Use Azure Monitor to analyze the data collected in the diagnostic logs.