Merge pull request #228827 from halkazwini/nw-tweak1

tweak

Author: Maggiemouse1

articles/network-watcher/diagnose-communication-problem-between-networks.md

@@ -7,7 +7,7 @@ author: halkazwini
 ms.service: network-watcher
 ms.topic: tutorial
 ms.workload: infrastructure-services
-ms.date: 02/23/2023
+ms.date: 02/28/2023
 ms.author: halkazwini
 ms.custom: template-tutorial, engagement-fy23
 # Customer intent: I need to determine why resources in a virtual network can't communicate with resources in a different virtual network over a VPN connection.
@@ -17,9 +17,9 @@ ms.custom: template-tutorial, engagement-fy23
 
 Azure VPN gateway is a type of virtual network gateway that you can use to send encrypted traffic between an Azure virtual network and your on-premises locations over the public internet. You can also use VPN gateway to send encrypted traffic between Azure virtual networks over the Microsoft network. A VPN gateway allows you to create multiple connections to on-premises VPN devices and Azure VPN gateways. For more information about the number of connections that you can create with each VPN gateway SKU, see [Gateway SKUs](../../articles/vpn-gateway/vpn-gateway-about-vpngateways.md#gwsku). Whenever you need to troubleshoot an issue with a VPN gateway or one of its connections, you can use Azure Network Watcher VPN troubleshoot to help you checking the VPN gateway or its connections to find and resolve the problem in easy and simple steps.
 
-This tutorial helps you connect two virtual networks via VPN gateways using VNet-to-VNet connections and use Network Watcher VPN troubleshoot capability to diagnose and troubleshoot a connectivity issue that's preventing the two virtual networks from communicating with each other. Once you find the issue and resolve it, you check the connectivity between the two virtual networks to verify the problem was resolved. 
+This tutorial helps you use Azure Network Watcher [VPN troubleshoot](network-watcher-troubleshoot-overview.md) capability to diagnose and troubleshoot a connectivity issue that's preventing two virtual networks from communicating with each other. These two virtual networks are connected via VPN gateways using VNet-to-VNet connections.
 
-In this tutorial, you learn how to:
+You learn how to:
 
 > [!div class="checklist"]
 > * Create virtual networks
@@ -31,7 +31,7 @@ In this tutorial, you learn how to:
 
 ## Prerequisites
 
-- An Azure account with an active subscription. create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
+- An Azure account with an active subscription. If you don't have one, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
 
 ## Sign in to Azure
 
@@ -43,7 +43,7 @@ In this section, you create two virtual networks that you connect later using vi
 
 ### Create first virtual network
 
-1. In the search box at the top of the portal, enter *virtual network*. Select **Virtual networks** in the search results.
+1. In the search box at the top of the portal, enter *virtual networks*. Select **Virtual networks** in the search results.
 
     :::image type="content" source="./media/diagnose-communication-problem-between-networks/virtual-network-azure-portal.png" alt-text="Screenshot shows searching for virtual networks in the Azure portal.":::
 
@@ -89,7 +89,7 @@ In this section, you create a storage account, then you create a container in it
 
 If you have a storage account that you want to use, you can skip the following steps and go to [Create VPN gateways](#create-vpn-gateways).
 
-1. In the search box at the top of the portal, enter *storage account*. Select **Storage accounts** in the search results.
+1. In the search box at the top of the portal, enter *storage accounts*. Select **Storage accounts** in the search results.
 
 1. Select **+ Create**. In **Create a storage account**, enter or select the following values in the **Basics** tab:
 
@@ -104,15 +104,11 @@ If you have a storage account that you want to use, you can skip the following s
     | Performance | Select **Standard**. |
     | Redundancy | Select **Locally-redundant storage (LRS)**. |
 
-1. Select the **Networking** tab, or select **Next: Advanced** and then **Next: Networking** button at the bottom of the page.
-
-1. Under **Network connectivity**, select **Enable public access from all networks**.
-
 1. Select the **Review** tab or select the **Review** button.
 
 1. Review the settings, and then select **Create**.
 
-1. Select **Go to resource** to go to the **Overview** page of **mynwstorageaccount**.
+1. Once the deployment is complete, select **Go to resource** to go to the **Overview** page of **mynwstorageaccount**.
 
 1. Under **Data storage**, select **Containers**.
 
@@ -131,7 +127,7 @@ In this section, you create two VPN gateways that will be used to connect the tw
 
 ### Create first VPN gateway
 
-1. In the search box at the top of the portal, enter *virtual network gateway*. Select **Virtual network gateways** in the search results.
+1. In the search box at the top of the portal, enter *virtual network gateways*. Select **Virtual network gateways** in the search results.
 
 1. Select **+ Create**. In **Create virtual network gateway**, enter or select the following values in the **Basics** tab:
 
@@ -280,7 +276,7 @@ Fix the problem by correcting the key on **to-VNet1** connection to match the ke
 
 ## Clean up resources
 
-If you're no longer need the gateways and other resources created in this tutorial, delete the resource group and all of the resources it contains:
+When no longer needed, delete the resource group and all of the resources it contains:
 
 1. Enter *myResourceGroup* in the **Search** box at the top of the portal. When you see **myResourceGroup** in the search results, select it.
 2. Select **Delete resource group**.

articles/network-watcher/diagnose-vm-network-routing-problem.md

@@ -7,46 +7,44 @@ author: halkazwini
 ms.author: halkazwini
 ms.service: network-watcher
 ms.topic: tutorial
-ms.date: 02/10/2023
+ms.date: 02/28/2023
 ms.custom: template-tutorial, mvc, engagement-fy23
 # Customer intent: I want to diagnose virtual machine (VM) network routing problem that prevents communication to different destinations.
 ---
 
 # Tutorial: Diagnose a virtual machine network routing problem using the Azure portal
 
-When you deploy a virtual machine (VM), Azure creates several [system default routes](/articles/virtual-network/virtual-networks-udr-overview.md#system-routes?toc=%2Fazure%2Fnetwork-watcher%2Ftoc.json&tabs=json) for it. You can create [custom routes](/articles/virtual-network/virtual-networks-udr-overview.md#custom-routes?toc=%2Fazure%2Fnetwork-watcher%2Ftoc.json&tabs=json) to override some of Azure's system routes. Sometimes, a custom route can result in a VM not being able to communicate with the intended destination. You can use Azure Network Watcher to troubleshoot and diagnose the VM routing problem that's preventing it from correctly communicating with other resources.
+When you deploy a virtual machine (VM), Azure creates several [system default routes](/articles/virtual-network/virtual-networks-udr-overview.md#system-routes?toc=%2Fazure%2Fnetwork-watcher%2Ftoc.json&tabs=json) for it. You can create [custom routes](/articles/virtual-network/virtual-networks-udr-overview.md#custom-routes?toc=%2Fazure%2Fnetwork-watcher%2Ftoc.json&tabs=json) to override some of Azure's system routes. Sometimes, a custom route can result in a VM not being able to communicate with the intended destination. You can use Azure Network Watcher [next hop](network-watcher-next-hop-overview.md) capability to troubleshoot and diagnose the VM routing problem that's preventing it from correctly communicating with other resources.
 
 In this tutorial, you learn how to:
 
 > [!div class="checklist"]
-> * Create a virtual network and deploy two virtual machines in it
+> * Create a virtual network and a Bastion host
+> * Create two virtual machines
 > * Test communication to different IPs using the next hop capability of Azure Network Watcher
 > * View the effective routes
 > * Create a custom route
 > * Diagnose a routing problem
 
 If you prefer, you can diagnose a virtual machine network routing problem using the [Azure CLI](diagnose-vm-network-routing-problem-cli.md) or [Azure PowerShell](diagnose-vm-network-routing-problem-powershell.md) tutorials.
 
-If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
-
-
 ## Prerequisites
 
-- An Azure subscription
-
+- An Azure account with an active subscription. If you don't have one, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
 
 ## Sign in to Azure
 
 Sign in to the [Azure portal](https://portal.azure.com).
 
-
 ## Create a virtual network
 
 In this section, you create a virtual network.
 
-1. In the search box at the top of the portal, enter *virtual network*. Select **Virtual networks** in the search results.
+1. In the search box at the top of the portal, enter *virtual networks*. Select **Virtual networks** in the search results.
 
-1. Select **+ Create**. In **Create virtual network**, enter or select the following in the **Basics** tab:
+    :::image type="content" source="./media/diagnose-vm-network-routing-problem/virtual-network-azure-portal.png" alt-text="Screenshot shows searching for virtual networks in the Azure portal.":::
+
+1. Select **+ Create**. In **Create virtual network**, enter or select the following values in the **Basics** tab:
 
     | Setting | Value |
     | --- | --- |
@@ -59,7 +57,7 @@ In this section, you create a virtual network.
 
 1. Select the **IP Addresses** tab, or select **Next: IP Addresses** button at the bottom of the page.
 
-1. Enter the following in the **IP Addresses** tab:
+1. Enter the following values in the **IP Addresses** tab:
 
     | Setting | Value |
     | --- | --- |
@@ -69,7 +67,7 @@ In this section, you create a virtual network.
 
 1. Select the **Security** tab, or select the **Next: Security** button at the bottom of the page. 
 
-1. Under **BastionHost**, select **Enable** and enter the following:
+1. Under **BastionHost**, select **Enable** and enter the following values:
 
     | Setting | Value |
     | --- | --- |
@@ -81,19 +79,17 @@ In this section, you create a virtual network.
 
 1. Review the settings, and then select **Create**. 
 
-
 ## Create virtual machines
 
 In this section, you create two virtual machines: **myVM** and **myNVA**. You use **myVM** virtual machine to test the communication from. **myNVA** virtual machine is used as a network virtual appliance in the scenario.
 
-
 ### Create first virtual machine
 
-1. In the search box at the top of the portal, enter *virtual machine*. Select **Virtual machines** in the search results.
+1. In the search box at the top of the portal, enter *virtual machines*. Select **Virtual machines** in the search results.
 
 2. Select **+ Create** and then select **Azure virtual machine**.
 
-3. In **Create a virtual machine**, enter or select the following in the **Basics** tab:
+3. In **Create a virtual machine**, enter or select the following values in the **Basics** tab:
 
     | Setting | Value |
     | --- | --- |
@@ -114,22 +110,22 @@ In this section, you create two virtual machines: **myVM** and **myNVA**. You us
 
 4. Select the **Networking** tab, or select **Next: Disks**, then **Next: Networking**.
 
-5. In the Networking tab, enter or select the following information:
+5. In the Networking tab, enter or select the following values:
 
     | Setting | Value |
     | --- | --- |
     | **Network interface** |  |
     | Virtual network | Select **myVNet**. |
     | Subnet | Select **mySubnet**. |
-    | Public IP | Leave the default. |
+    | Public IP | Select **None**. |
     | NIC network security group | Select **Basic**. |
     | Public inbound ports | Select **None**. |
 
 6. Select **Review + create**.
 
 7. Review the settings, and then select **Create**. 
 
-8. Select **Go to resource** to go to the **Overview** page of **myVM**.  
+8. Once the deployment is complete, select **Go to resource** to go to the **Overview** page of **myVM**.  
 
 9. Select **Connect**, then select **Bastion**.
 
@@ -141,19 +137,17 @@ In this section, you create two virtual machines: **myVM** and **myNVA**. You us
 
     :::image type="content" source="./media/diagnose-vm-network-routing-problem/bing-allowed.png" alt-text="Screenshot showing Bing page in a web browser.":::
 
-
 ### Create second virtual machine
 
 Follow the previous steps that you used to create **myVM** virtual machine and enter *myNVA* for the virtual machine name.
 
-
 ## Test network communication using Network Watcher next hop
 
 Use the next hop capability of Network Watcher to determine which route Azure is using to route traffic from **myVM**, which has one network interface with one IP configuration
 
 1. In the search box at the top of the portal, enter *network watcher*. Select **Network Watcher** in the search results.
 
-1. Under **Network diagnostic tools**, select **Next hop**. Enter or select the following information:
+1. Under **Network diagnostic tools**, select **Next hop**. Enter or select the following values:
 
     | Setting | Value  |
     | ------- | ------ |
@@ -176,12 +170,11 @@ Use the next hop capability of Network Watcher to determine which route Azure is
 
     :::image type="content" source="./media/diagnose-vm-network-routing-problem/next-hop-none-system-route.png" alt-text="Screenshot showing Network Watcher next hop result when testing with a private IP outside the address space of the virtual network.":::
 
-
 ## View details of a route
 
 To further analyze routing, review the effective routes for **myVM** network interface.
 
-1. In the search box at the top of the portal, enter *virtual machine*. Select **Virtual machines** in the search results.
+1. In the search box at the top of the portal, enter *virtual machines*. Select **Virtual machines** in the search results.
 
 1. Under **Settings**, select **Networking**, then select the network interface.
 
@@ -197,19 +190,17 @@ To further analyze routing, review the effective routes for **myVM** network int
 
     However, when you ran the test using **10.1.0.5**, the result was **None** for the next hop type because this IP address is in the 10.0.0.0/8 address space. Azure default route for 10.0.0.0/8 address prefix has next hope type as **None**. If you add an address prefix that contains 10.1.0.5 to the virtual network address space, then the next hop type for 10.1.0.5 will change from **None** to **VirtualNetwork**. 
 
-
 ## Test a routing problem due to custom routes
 
-Next, you'll create a static custom route to override Azure default system routes and cause a routing problem to **myVM** virtual machine that prevents it from directly communicating with `www.bing.com`. Then, you'll use Network Watcher next hop to troubleshoot and diagnose the problem.
-
+Next, you create a static custom route to override Azure default system routes and cause a routing problem to **myVM** virtual machine that prevents it from directly communicating with `www.bing.com`. Then, you'll use Network Watcher next hop to troubleshoot and diagnose the problem.
 
 ### Create a custom route
 
 In this section, you create a static custom route (user-defined route) in a route table that forces all traffic destined outside the virtual network to a specific IP address. Forcing traffic to a virtual network appliance is a common scenario.
 
-1. In the search box at the top of the portal, enter *route table*. Select **Route tables** in the search results.
+1. In the search box at the top of the portal, enter *route tables*. Select **Route tables** in the search results.
 
-1. Select **+ Create** to create a new route table. In the **Create Route table** page, enter or select the following:
+1. Select **+ Create** to create a new route table. In the **Create Route table** page, enter or select the following values:
 
     | Setting | Value  |
     | ------- | ------ |
@@ -225,11 +216,11 @@ In this section, you create a static custom route (user-defined route) in a rout
 
 1. Review the settings, and then select **Create**.
 
-1. Select **Go to resource**.
+1. Once the deployment is complete, select **Go to resource** to go to the **Overview** page of **myRouteTable**.
 
 1. Under **Settings**, select **Routes**, and then select **+ Add** to add a custom route. 
 
-1. In the **Add route** page, enter or select the following:
+1. In the **Add route** page, enter or select the following values:
 
     | Setting | Value  |
     | ------- | ------ |
@@ -241,14 +232,13 @@ In this section, you create a static custom route (user-defined route) in a rout
 
 1. Select **Add**.
 
-
 ### Associate the route table with the subnet
 
 In this section, you associate the route table that you created in the previous section with **mySubnet** subnet.
 
 1. Under **Settings**, select **Subnets**, and then select **+ Associate** to associate **myRouteTable** with **mySubnet** subnet. 
 
-1. In the **Associate subnet** page, select the following:
+1. In the **Associate subnet** page, select the following values:
 
     | Setting | Value  |
     | ------- | ------ |
@@ -257,14 +247,12 @@ In this section, you associate the route table that you created in the previous
 
 1. Select **OK**.
 
-
 ### Go to `www.bing.com`
 
 In **myVM**, open the web browser and go to `www.bing.com` to verify if it's still reachable. The custom route that you created and associated with subnet of **myVM** forces the traffic to go to **myNVA**. The traffic is dropped as **myNVA** isn't set up to forward the traffic for the purposes of this tutorial to demonstrate a routing problem.
 
 :::image type="content" source="./media/diagnose-vm-network-routing-problem/bing-blocked.png" alt-text="Screenshot showing Bing page isn't reachable in a web browser.":::
 
-
 ###  Test network communication using next hop
 
 Repeat the steps you used in [Test network communication using Network Watcher next hop](#test-network-communication-using-network-watcher-next-hop) section using **13.107.21.200** to test the communication to `www.bing.com`.
@@ -282,20 +270,19 @@ The custom route with prefix 0.0.0.0/0 overrode Azure default route and caused a
 > [!NOTE]
 > In this tutorial, traffic to `www.bing.com` was dropped because **myNVA** was not set up to forward traffic. To learn how to set up a virtual machine to forward traffic, see [Turn on IP forwarding](/articles/virtual-network/tutorial-create-route-table-portal.md#turn-on-ip-forwarding).
 
-
 ## Clean up resources
 
 When no longer needed, delete the resource group and all of the resources it contains:
 
-1. Enter *Resource groups* in the **Search** box at the top of the portal, and then select **myResourceGroup**.
+1. Enter *myResourceGroup* in the **Search** box at the top of the portal. When you see **myResourceGroup** in the search results, select it.
 2. Select **Delete resource group**.
 3. Enter *myResourceGroup* for **TYPE THE RESOURCE GROUP NAME:** and select **Delete**.
 
 ## Next steps
 
 In this tutorial, you created a virtual machine and used Network Watcher next hop to diagnose routing to different destinations. To learn more about routing in Azure, see [Virtual network traffic routing](../virtual-network/virtual-networks-udr-overview.md?toc=%2fazure%2fnetwork-watcher%2ftoc.json).
 
-For outbound VM connections, you can also determine the latency, allowed and denied network traffic between the VM and an endpoint, and the route used to an endpoint, using Network Watcher [connection troubleshoot](network-watcher-connectivity-portal.md) capability.
+For outbound VM connections, you can use Network Watcher [connection troubleshoot](network-watcher-connectivity-portal.md) capability to determine the latency, allowed and denied network traffic between the VM and an endpoint, and the route to an endpoint.
 
 To learn how to monitor communication between two virtual machines, advance to the next tutorial.
 > [!div class="nextstepaction"]