Trying to connect to my SQL MI on Azure but I have been failing.
I am trying to rule out that the traffic is blocked by my Meraki firewall. There are no rules blocking anything outbound; there is only the default rule (any/any/any/any).
Having said that, when I try to nc -vz any port other than 80 on either the virtual IP address or the physical IP address of the firewall, they all fail. The only one that succeeds is 80.
Maybe I have got this completely wrong and you simply cannot nc -vz but traffic is allowed. How can I check or what am I possibly missing?
Any help would be much appreciated.
Have you tried the packet capture on Meraki dashboard? The SQL port is open on Azure?
Thanks for the reply. I wouldn't know what I would be looking for on packet capture, if I am being honest.
As far as I can tell, I have opened 1433 on the Azure VNet. The SQL is not a VM but rather a managed instance which is in a net which is peered with the VNet with which we have a site-to-site connection from on premises.
This setup is detailed in the managed instance connection guide from MS, but it never addresses how, after peering, you can connect from on premises, although the diagram is showing this.
Additionally, when I did a traceroute of the managed instance name, the route stopped at the Meraki firewall IP. A little bit at a loss here.
What test should I perform on Azure? I can connect to the MI through SSMS running on the VNet that does not host the SQL MI. I have come to the same conclusion that it is a routing problem.
Also not sure what you mean by whether the subnets are enabled on VPN. There is a site-to-site connection between on-prem and the Azure VNet that holds the DC.
Are you using a vMX on Azure? Or are you using Non-Meraki VPN peers? Or is this site-to-site configured with other equipment? Do you have a topology of your network or something like that?
I don't know what vMX is, but we are using Meraki for our local switching and routing, and the site-to-site configuration is based on Meraki VPN.
The Azure infrastructure is for DC purposes, nothing more than that, but we want to deploy our DB and web server there.
The topology of the local network is very simple: 30-odd local computers, two Meraki switches, 6 Meraki WAPs and an MX85 router/firewall.
Great, on Azure the tunnel is UP, right? I don't have experience with Azure, but are you sure that the necessary ports are allowed on Azure?
We wouldn't be able to authenticate if it was not. In any case, when I check the site-to-site connection it looks up and running. I have created NSG rules for 1433 and redirection on the tunnelled VNet.
This is why I am thinking your initial assessment of it being a routing issue is correct. The 1433 connection from SSMS does not seem to be hitting the Azure VNet and therefore not getting forwarded to the SQL MI. This is why I was thinking that it was a Meraki firewall issue, but really not confident on this at all.
Not sure how it all connects (as in, is this a DNS issue?)
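
The thread leaves open whether the failure is DNS, routing over the site-to-site tunnel, or filtering on 1433. The following Python check is an added example, not part of the thread or any participant's post, that reports the first of those three layers to fail from an on-premises client. MI_HOST and VPN_PREFIXES are constructed placeholders (assumptions) to be replaced with the real managed instance host name and the subnets the VPN is configured to carry.

```python
import ipaddress
import socket

# Constructed sample values (assumptions, not taken from the thread).
MI_HOST = "mi-name.placeholder.database.windows.net"   # hypothetical MI host name
VPN_PREFIXES = ["10.1.0.0/16", "10.2.0.0/24"]          # subnets the tunnel carries

def resolve(host):
    """Return the sorted IPs the name resolves to on this client ([] on failure)."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def in_tunnel(ip, prefixes):
    """True if ip falls inside one of the prefixes routed over the VPN."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(p) for p in prefixes)

def tcp_open(ip, port=1433, timeout=3.0):
    """Full TCP handshake, the same thing `nc -vz ip port` checks."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(host, prefixes, port=1433, resolver=resolve, prober=tcp_open):
    """Return (layer, detail) naming the first layer that fails for host."""
    ips = resolver(host)
    if not ips:
        return ("dns", f"{host} does not resolve from this client")
    outside = [ip for ip in ips if not in_tunnel(ip, prefixes)]
    if outside:
        # Not covered by the tunnel, so the packet follows the default route;
        # consistent with a traceroute that gets no further than the firewall.
        return ("routing", f"{outside[0]} is outside the VPN prefixes")
    closed = [ip for ip in ips if not prober(ip, port)]
    if closed:
        return ("filter", f"{closed[0]}:{port} is routed but not answering")
    return ("ok", f"{ips[0]}:{port} accepts connections")

if __name__ == "__main__":
    print(diagnose(MI_HOST, VPN_PREFIXES))
```

A "routing" result points at the VPN subnet configuration on either end, while a "filter" result points at NSG or firewall rules for 1433.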