![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 10%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDC%3C/text%3E%3C/svg%3E)
Azure ExpressRoute
An Azure service that provides private connections between Azure datacenters and infrastructure, either on premises or in a colocation environment.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 23%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVV%3C/text%3E%3C/svg%3E)
Hi @ DONG CHEN,
Welcome to Microsoft Q&A Platform.
From an Azure VM (eden4) we see TCP SYNs/ICMP targeted at our on-prem IP 192.xxx.233:13202, and Network Watcher connection troubleshoot shows next-hop = MicrosoftEdge but Connectivity test: Unreachable (probes 30/30 failed).
Please check the CE/router for VLAN and ARP for Azure private peering IPs (169.xxx.xxx.xxx), confirm CE receives the packets from Azure and forwards them to 192.xxx.233. Also capture traffic on the CE for that time window.
Please Verify BGP session is established, and provider is not filtering the prefixes or the port.
You can use the Test private peering connectivity tool in the Azure portal to validate packet flow between your on-premises network and Azure resources and also run the PsPing utility to assess connectivity from your on-premises IP to the Azure IP addresses
Ref: Verify ExpressRoute connectivity and Verify ExpressRoute connectivity
Kindly let us know if the above helps or you need further assistance on this issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.