wst

Reputation: 11771

How do you connect Azure VMs, App Services, and on-prem machines to the same vnet?

We need a configuration set up exactly like the one described by the diagram in this support document. However, we already have the bottom right 2/3 configured, and it is not clear to me how the Point-to-site VPN should be configured:

[diagram from the linked support document]

Our Azure VMs and our on-premises machines share a VNet, connected via a site-to-site route-based VPN tunnel. We want to add our App Services to that VNet so they can also communicate privately with the VMs, but the documentation for configuring a Point to Site connection assumes you are starting from scratch, rather than adding to an existing VNet, and it does not cover Point-to-site connections to App Services.

It seems like a Point-to-site configuration needs to be added to the existing gateway, but I am unclear on several issues not covered by the documentation: How are certificates handled? What tunnel type is supported/preferred in App Services? Should the address pool of the Point-to-site config match the VNet's Gateway subnet range?

Update: After adding an address pool value for the Point-to-site configuration in the existing VNet gateway, the VNet could be added to our App Service. But even though the App Service VNet config reports that certs are in sync and that the gateway status is online, the App Service does not seem to be able to communicate with a VM, and nothing is listed under Allocated IP addresses in the Point-to-site configuration.

I am not sure if additional configuration is needed or if this implies a problem with the VNet addressing. The VNet default subnet is 10.1.0.0/24, the VNet gateway subnet is 10.1.1.0/24, and the Point-to-site pool is 10.1.2.0/24.

Upvotes: 1

Views: 386

Answers (1)

Charles Xu

Reputation: 31452

How are certificates handled?

You don't need to create certificates for the Point-to-Site configuration. Certificates are automatically created when you connect your WebApp to the VNet using the portal.

What tunnel type is supported/preferred in App Services?

This is a reference to the P2S VPN features; you can take a look at this link. P2S supports protocols such as Secure Sockets Tunneling Protocol (SSTP) and IPsec.

Should the address pool of the Point-to-site config match the VNet's Gateway subnet range?

You should not match the address pool of P2S with the VNet's Gateway subnet. They are two address pools on different networks.

Upvotes: 2
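The asker's update lists three ranges (default subnet 10.1.0.0/24, gateway subnet 10.1.1.0/24, P2S pool 10.1.2.0/24) and the answer's last point is that the P2S pool must not coincide with the gateway subnet. Azure's own rule is slightly broader: the client address pool must not overlap the VNet's address space or any on-premises range reached through the same gateway. The following script is an added example, not code from either poster; it uses Python's standard `ipaddress` module to check a candidate pool against those constraints. The VNet address space (10.1.0.0/23) and the on-premises range (192.168.0.0/16) are hypothetical, since the question does not state them; the three subnets are the ones quoted in the post.

```python
from ipaddress import ip_network

# Ranges quoted in the question's update.
VNET_SUBNETS = {
    "default": ip_network("10.1.0.0/24"),
    "GatewaySubnet": ip_network("10.1.1.0/24"),
}
P2S_POOL = ip_network("10.1.2.0/24")

# Hypothetical values the question does not state: the VNet's overall
# address space and the on-premises range routed over the site-to-site tunnel.
VNET_ADDRESS_SPACE = ip_network("10.1.0.0/23")
ONPREM_RANGES = [ip_network("192.168.0.0/16")]


def check_p2s_pool(pool, vnet_space, vnet_subnets, onprem_ranges):
    """Return a list of problems with a candidate P2S client address pool.

    An empty list means the pool satisfies the documented constraints: it
    must not overlap the VNet's address space (hence none of its subnets,
    the gateway subnet included) or any on-premises range reached through
    the same gateway.
    """
    problems = []
    if pool.overlaps(vnet_space):
        problems.append(f"{pool} overlaps the VNet address space {vnet_space}")
    for name, subnet in vnet_subnets.items():
        if pool.overlaps(subnet):
            problems.append(f"{pool} overlaps subnet '{name}' ({subnet})")
    for rng in onprem_ranges:
        if pool.overlaps(rng):
            problems.append(f"{pool} overlaps on-premises range {rng}")
    return problems


def check_vnet_layout(vnet_space, vnet_subnets):
    """Sanity-check the VNet itself: every subnet must lie inside the address
    space, and no two subnets may overlap each other."""
    problems = []
    items = list(vnet_subnets.items())
    for name, subnet in items:
        if not subnet.subnet_of(vnet_space):
            problems.append(f"subnet '{name}' ({subnet}) is outside {vnet_space}")
    for i, (name1, sub1) in enumerate(items):
        for name2, sub2 in items[i + 1:]:
            if sub1.overlaps(sub2):
                problems.append(f"subnets '{name1}' and '{name2}' overlap")
    return problems


if __name__ == "__main__":
    # The pool from the question passes; reusing the gateway subnet as the
    # pool (what the asker wondered about) is rejected, as the answer says.
    for candidate in (P2S_POOL, VNET_SUBNETS["GatewaySubnet"]):
        issues = check_p2s_pool(candidate, VNET_ADDRESS_SPACE, VNET_SUBNETS, ONPREM_RANGES)
        print(candidate, "OK" if not issues else issues)
    print("VNet layout:", check_vnet_layout(VNET_ADDRESS_SPACE, VNET_SUBNETS) or "OK")
```

Run it with the real VNet address space and on-premises prefixes substituted for the hypothetical ones; a clean result rules out addressing as the cause of the missing "Allocated IP addresses", leaving the gateway-side configuration to investigate.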
