Debugger

Reputation: 792

How to access the Application Gateway Standard v2 IP privately using an Azure virtual network gateway?

I need to host my application for a limited, trusted audience. I'm using Application Gateway Standard v2 as my load balancer. I want to provide access to the application gateway to those who are connected to my VPN. I created a network security group and configured inbound rules to restrict public access to port 80. I'm also trying to open port 80 for my specific users, but I wasn't able to configure the source IP address range dynamically based on VPN users.

I have tried the following:

  1. I tried adding the VPN address pool as the NSG inbound rule source address.
  2. I tried configuring the source tag as virtual network.
  3. I tried configuring my VPN address pool range in my NSG (app gateway subnet).

But no luck. If I hardcode a specific public IP address, it works. I wasn't able to configure this for my VPN users.

Can anyone kindly advise me on this?

Upvotes: 0

Views: 1390

Answers (1)

Kartik Bhiwapurkar

Reputation: 5165

I would suggest that you configure the whitelisting of the client IP address range in the Microsoft VPN gateway that you may have configured, as the application gateway that you are using is configured to be used as a load balancer and not an IP filtering appliance. The application gateway has a private IP address assigned to it while the VPN gateway has a public IP address assigned to it, due to which the users connecting to the VPN gateway will be redirected internally to the application gateway and then to the application hosted behind it for better availability.

Please refer to the screenshot below for bypassing a set of client address pools through a VPN gateway:

(screenshot: VPN Gateway address pool)

Also, please check that the port ranges allowed or bypassed for the NSG of the application gateway can be filtered through it, since it is purpose-specific to port allow/disallow only. Thus, for the client address range to be allowed for a particular port in the NSG of the application gateway, ensure that the inbound port rules for the VPN gateway public IP address and the respective client IP address pool are also allowed for the respective port configured on the listener of the application gateway, i.e., 80 or 443.

But it is recommended that you configure them in the VPN gateway configuration.

(screenshot: Application gateway NSG)

Please find the link below for reference regarding the application gateway:

https://learn.microsoft.com/en-us/azure/application-gateway/configuration-infrastructure#allow-access-to-a-few-source-ips

Upvotes: 0
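The following is an added example, not code from the question or the answer: a small offline model of NSG inbound evaluation (lowest priority number first, first match wins) for checking a rule set like the one discussed here before deploying it. The address pool, the GatewayManager prefix, the rule names and the priorities are constructed assumptions, and it assumes VPN clients reach the gateway's private frontend through the tunnel, so the NSG sees a source address from the VPN pool.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the post).
VPN_POOL = "172.16.201.0/24"  # point-to-site client address pool
# Stand-in prefix for the GatewayManager service tag, which Azure resolves itself.
TAGS = {"GatewayManager": ["198.51.100.0/24"]}

# Inbound rules on the application gateway subnet NSG:
# (priority, name, source, (first port, last port), access)
RULES = [
    (100, "AllowGatewayManager", "GatewayManager", (65200, 65535), "Allow"),
    (110, "AllowVpnPoolHttp", VPN_POOL, (80, 80), "Allow"),
    (120, "AllowVpnPoolHttps", VPN_POOL, (443, 443), "Allow"),
    (200, "DenyWebFromAny", "*", (80, 443), "Deny"),
]
# Same rules, but the deny is evaluated before the VPN pool allow rules.
MISORDERED = [r if r[1] != "DenyWebFromAny" else (105,) + r[1:] for r in RULES]


def source_matches(source, src_ip):
    """True if src_ip falls under a rule source: '*', a service tag or a CIDR."""
    if source == "*":
        return True
    addr = ipaddress.ip_address(src_ip)
    return any(addr in ipaddress.ip_network(p) for p in TAGS.get(source, [source]))


def evaluate(rules, src_ip, dst_port):
    """Return (access, rule name) of the first match, lowest priority number first."""
    for _prio, name, source, (lo, hi), access in sorted(rules):
        if lo <= dst_port <= hi and source_matches(source, src_ip):
            return access, name
    # Azure's default catch-all rule (65500); the default VirtualNetwork and
    # AzureLoadBalancer allow rules are not modeled here.
    return "Deny", "DenyAllInBound"


if __name__ == "__main__":
    for label, rules in (("ordered", RULES), ("misordered", MISORDERED)):
        for src, port in (("172.16.201.10", 80), ("203.0.113.7", 80),
                          ("198.51.100.5", 65300)):
            print(label, src, port, *evaluate(rules, src, port))
```

In the misordered set the VPN client on port 80 hits the deny rule first, which is the ordering mistake to rule out when a pool-based allow rule appears to have no effect.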
