Skip to main content
Answer

Issue in performing DR with Cloud connect

  • June 25, 2025
  • 5 comments
  • 82 views
Mohammed Tajudeen

We have a cloud connect environment set up for the customer's and one of the customer is having the DR setup done in our environment, which is failing with below error while a failover is made,

 

  "Processing client-side settings of partial failover failed: Error: Failed to connect to VPN server via cloud gateways: xxx-xxxx.com:6180"

 

Analysis done so far - 

Initially We tried checking the connectivity of the gateway and NEA, and it looks like the telnet is working fine from the VBR and NEA IP,
As well We narrowed down the issue to DNS resolution not working from the tenant side NEA,
So we manually set DNS server entries in the DNS config file on the NEA, and tested resolution was working on nslookup and ping,
However! When we ran a failover it still failed, and we noticed that the config file had been overwritten.
We manually added the gateway address in the host file on the NEA, and tested the resolution,
However! Once again the failover failed, and we noticed all the configuration we make to NEA appliance files getting overwritten.
Following by logs just says the Failed to connect to VPN server via cloud gateways: xxx-xxxx.com:6180 but the ports has been opened by customer to Service provider.

Best answer by Mohamed Ali

@Mohammed Tajudeen  “Processing client-side settings of partial failover failed” - This looks connectivity issue from the tenant NEA appliance to cloud gateway. Make sure the 6180 TCP/UDP ports are in open from NEA to CC gateway and disable if any SSL inspections in firewall. 

You can manually power ON the tenant NEA appliance and see if you can able to reach the SP gateway servers. If you still having issues please collect logs from the NEA appliance for further analysis

/var/log/cloudgateproxy-tap0.log
/var/log/open-tap0.log

Follow this steps to change root login credentials for the NEA appliance:   https://helpcenter.veeam.com/docs/backup/cloud/network_extension_credentials.html?ver=120

 

    Link State

    5 comments

    marco_s
    Forum|alt.badge.img+8
    • marco_s
    • On the path to Greatness
    • June 26, 2025

    Hi ​@Mohammed Tajudeen ,

    have you already tried to troubleshoot vpn status?

    You can try to re-establishing the tunnel for example: https://helpcenter.veeam.com/docs/backup/cloud/vpn_tunnel_reconnect.html?ver=120

    Anyway, I suggest you to check again all port requirements, for example the bidirectional UDP 1195 port cloud gateway-sp nea usedd for vpn.

    Be careful, if tenant has more than one network on the cloud host, you need odd ports starting from 1195 (1197, 1199..).

    Please also verify TCP and UPD 6180 (UDP is used only during partial failover of a cloud replica) port from tenant VBR to cloud gateway.

    Marco Sorrentino - Italy | System Engineer | VMCE & VMCA
    Link State
    Marcel.K
    Marcel.K
    Forum|alt.badge.img+9
    • Marcel.K
    • Veeam Legend
    • June 26, 2025

    Hi, 

    “Failed to connect to VPN server via cloud gateways: xxx-xxxx.com:6180”

    would go to the cloud gateway and check connectivity towards NEA

    looks on the dns, firewall issue or maybe with certificate ...

     

    Marcel Kačmár | VCSP Partner 2022 | VMCE 2024 | VMCA 2024 | Veeam Legend 2025 |
    Link State
    MarkBoothman
    Forum|alt.badge.img+7
    • MarkBoothman
    • Influencer
    • June 26, 2025

    The NEA boots from an ISO if I recall. Any changes you make to it directly won’t be saved as it’s non-persistent storage. Once it boots scripts are ran to configure its ip etc.

    VMCA2022 | VMCE2021/5 | VUG UK Leader
    Link State
    Mohamed Ali
    Forum|alt.badge.img+2
    • Mohamed Ali
    • VUG Leader
    • Answer
    • July 3, 2025

    @Mohammed Tajudeen  “Processing client-side settings of partial failover failed” - This looks connectivity issue from the tenant NEA appliance to cloud gateway. Make sure the 6180 TCP/UDP ports are in open from NEA to CC gateway and disable if any SSL inspections in firewall. 

    You can manually power ON the tenant NEA appliance and see if you can able to reach the SP gateway servers. If you still having issues please collect logs from the NEA appliance for further analysis

    /var/log/cloudgateproxy-tap0.log
    /var/log/open-tap0.log

    Follow this steps to change root login credentials for the NEA appliance:   https://helpcenter.veeam.com/docs/backup/cloud/network_extension_credentials.html?ver=120

     

    Mohamed Ali | VUG leader | VMCE 2024, VCP-DCV, CCP-V
    Link State
    Mohammed Tajudeen

    Hi,

    We have re-deployed the NEA on tenant side and allowed traffic with any port between NEA and Cloud gateway resolved the issue and DR is success. Meanwhile working with tenant side network team to capture logs to investigate which port was in particularly blocking.

    Regards.

    marco_s
    Link State
    Mohamed Ali
    Terms & ConditionsAccessibility statement