The Scenario

The diagram above shows two virtual networks in which several VMs are placed. All VMs require a local DNS server that can be reached via the VPN gateway. The network is accordingly peered (with Use Remote Gateway and Allow Gateway Transit), so that the VMs from VNet-2 can also reach the DNS server.

The Problem

Unfortunately, the VPN occasionally causes problems. In some cases none of the VMs in VNet-1 can reach the DNS server, in other cases none of the VMs in VNet-2 can, and sometimes no VM at all can reach it. The problem can be solved by a simple tunnel reset. The only difficulty is knowing when VNet-1 or VNet-2 is affected.

The Solution

We can set up connection monitors with Network Watcher, which can trigger alerts when a problem occurs. I added two connections in the connection monitor, from one VM of each VNet (VM6 and VM10):

The current status for each connection is displayed in the lower area. By clicking on this diagram (red border), further details can be displayed and an alert can be created:

As the rule, the % Probes Failed condition can be used:

The runbook created in the previous post can then be used inside the action group.
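
The same alert setup can be scripted instead of clicked through in the portal. The following is an added example, not code from the original post: it uses the Az.Monitor cmdlets to create one metric alert per monitored connection on the ProbesFailedPercent metric (shown in the portal as % Probes Failed), so the alert that fires tells you which side is affected, and attaches the action group that holds the runbook. All resource names are placeholders, the threshold of 50 and the evaluation window are assumptions, and it assumes each connection exists as its own connection monitor resource.

```powershell
# Added example: every value in angle brackets is a placeholder, not taken from the post.
$subscriptionId = '<subscription-id>'
$watcherRg      = '<network-watcher-resource-group>'
$watcherName    = '<network-watcher-name>'
$alertRg        = '<alert-resource-group>'

# Action group that runs the tunnel-reset runbook (name is a placeholder).
$actionGroupId = "/subscriptions/$subscriptionId/resourceGroups/$alertRg" +
                 "/providers/microsoft.insights/actionGroups/<action-group-name>"

# One connection monitor per source VM (VM6 and VM10 are the VMs named in the post).
$monitors = @{
    'VM6'  = '<connection-monitor-from-VM6>'
    'VM10' = '<connection-monitor-from-VM10>'
}

# Condition: average "% Probes Failed" above 50 (threshold is an assumption).
$criteria = New-AzMetricAlertRuleV2Criteria -MetricName 'ProbesFailedPercent' `
    -TimeAggregation Average -Operator GreaterThan -Threshold 50

foreach ($vm in $monitors.Keys) {
    $targetId = "/subscriptions/$subscriptionId/resourceGroups/$watcherRg" +
                "/providers/Microsoft.Network/networkWatchers/$watcherName" +
                "/connectionMonitors/$($monitors[$vm])"

    # Separate rule per connection so the alert name identifies the affected VNet.
    Add-AzMetricAlertRuleV2 -Name "dns-unreachable-from-$vm" `
        -ResourceGroupName $alertRg `
        -TargetResourceId $targetId `
        -Condition $criteria `
        -WindowSize (New-TimeSpan -Minutes 5) `
        -Frequency (New-TimeSpan -Minutes 1) `
        -Severity 2 `
        -ActionGroupId $actionGroupId `
        -Description "% Probes Failed above threshold for the DNS connection from $vm"
}
```

If both rules fire at the same time, neither VNet can reach the DNS server, which matches the third failure case described above.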