CODEWITHSUNDEEP
azureazure-virtual-networkazure-webapps
roast
roast

Reputation: 129

Azure Global VNet peering and WebApps

I am using Global VNet peering in Azure (2 networks in 2 different regions) and I'd like to access a VM I have in one of them from a WebApp I'd like to integrate with the other.

I have tried integrating the WebApp through a gateway and also directly without a gateway (the preview function) and I managed to see VMs from the same VNet but I am unable to access the VM from the globally peered VNet by its private IP.

Is this possible to achieve and if so, how? Thank you.

Upvotes: 1

Views: 1316

Answers (1)

Nancy Xiong
Nancy Xiong

Reputation: 28204

Yes, It's possible since you could use remote gateways or allow gateway transit in globally peered virtual networks in preview, currently. The preview is available in all Azure regions, China cloud regions, and Government cloud regions. Read more details. Moreover,

Route tables and global peering are not yet available with the new VNet Integration.

So you could try to use the existing VNet integration with a VNet which has a P2S VPN gateway. To configure peering to work with your app, you could refer to peering configuration.

  1. Add a peering connection on the VNet your app connects to. When adding the peering connection, enable Allow virtual network access and check Allow forwarded traffic and Allow gateway transit.
  2. Add a peering connection on the VNet that is being peered to the VNet you are connected to. When adding the peering connection on the destination VNet, enable Allow virtual network access and check Allow forwarded traffic and Allow remote gateways.
  3. Go to the App Service plan > Networking > VNet Integration UI in the portal. Select the VNet your app connects to. Under the routing section, add the address range of the VNet that is peered with the VNet your app is connected to.

Please note that you must add the peered VNet address in step 3. Then sync network, you will see the address range in the IP ADDRESSES ROUTED TO VNet. In my case, my peered VNet address range is 10.0.0.0/24.

enter image description here

The tools ping, nslookup and tracert won’t work through the console due to security constraints. Navigate to the web app console, we can use tcpping to verify the TCP connection with its private IP address. Please check if vm does not allow incoming pings or that the network security group for the virtual machine blocks them. See more troubleshooting details here.

enter image description here

Upvotes: 1

Related Questions