I have an Azure Web App that needs to connect to the addresses xx.x.x.10 and xx.x.x.12, the customer's on-premises server. For this purpose the customer has set up a policy-based VPN (Cisco ASA 9.8) with public IP yyy.yy.y.y.
While trying to obtain this connection to the on-premises service, I have for now created the following resources:
- a Local Network Gateway with
- IPaddress yyy.yy.y.y
- Address spaces xx.x.x.10/32 and xx.x.x.12/32
- a VNet with
- Address space 10.0.0.0/16
- GatewaySubnet 10.0.255.0/24
- a Public IP: zzz.zz.z.z
- a Virtual Network Gateway
- Sku: Basic
- VPN: PolicyBased
- Subnet: GatewaySubnet (10.0.255.0/24)
- Public IP: zzz.zz.z.z
- a Site-to-site connection between the Local Network Gateway and the Virtual Network Gateway
Since the Virtual Network Gateway needs to be Policy-based, it (as I see it):
- has to be Basic Sku
- is restricted to maximum one site-to-site connection
- cannot have point-to-site connections
Will it somehow be possible for me to get my web app in contact with the on-premises server? And in that case, what am I still missing to make it work? Or is it required that the VPN be changed to a route-based one?
You can directly connect your Web App with your Virtual Network if they are in the same Azure region. This will allow the Web App to talk with anything connected to the VNet, including remote networks reachable through site-to-site VPNs.
A point-to-site connection is only required if the VNet is in a different Azure region or uses the Classic deployment model.
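The direct Web App to VNet connection the answer describes (regional VNet integration), as an added Azure CLI example that is not code from the question or the answer. It assumes a resource group `rg-webapp-vpn`, a VNet named `vnet-webapp` with the question's 10.0.0.0/16 address space and 10.0.255.0/24 GatewaySubnet, a Web App `mywebapp` in the same region as the VNet, a local network gateway `lng-customer`, and a new subnet 10.0.1.0/24 for the integration (any unused range in the VNet that does not overlap the GatewaySubnet works); all of those names are assumptions. Regional VNet integration needs a subnet delegated to `Microsoft.Web/serverFarms` and does not use a VPN gateway of its own, so the Basic, policy-based gateway and its single site-to-site connection stay exactly as they are. Two caveats a practitioner should check: by default only RFC 1918 destinations are routed into the VNet, so if the on-premises hosts have public addresses the route-all setting in step 3 is required, and the local network gateway must still list the on-premises /32s, which step 4 displays.

```sh
#!/bin/sh
# Added example (not from the question or answer): regional VNet integration
# for the Web App, driven by the Azure CLI. All names below are assumptions.
set -eu

RG="${RG:-rg-webapp-vpn}"                 # assumed resource group
VNET="${VNET:-vnet-webapp}"               # the 10.0.0.0/16 VNet from the question
GW_SUBNET_PREFIX="10.0.255.0/24"          # GatewaySubnet from the question
APP_SUBNET="${APP_SUBNET:-snet-appservice}"
APP_SUBNET_PREFIX="${APP_SUBNET_PREFIX:-10.0.1.0/24}"   # assumed free range in the VNet
WEBAPP="${WEBAPP:-mywebapp}"              # assumed Web App name (same region as the VNet)
LNG="${LNG:-lng-customer}"                # assumed local network gateway name

# run: execute the az command, or just print it when DRY_RUN=1
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s ' "$@"
    printf '\n'
  else
    "$@"
  fi
}

# ip4_to_int 10.0.255.0 -> 167837440 (dotted quad to integer)
ip4_to_int() {
  set -- $(printf '%s\n' "$1" | tr '.' ' ')
  echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# cidrs_overlap A/len B/len: succeeds when the two IPv4 prefixes share addresses
cidrs_overlap() {
  a_ip=$(ip4_to_int "${1%/*}"); a_len=${1#*/}
  b_ip=$(ip4_to_int "${2%/*}"); b_len=${2#*/}
  len=$a_len
  if [ "$b_len" -lt "$len" ]; then len=$b_len; fi
  mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
  [ $(( a_ip & mask )) -eq $(( b_ip & mask )) ]
}

# Step 1: a subnet delegated to App Service. The Web App's outbound traffic
# enters the VNet here; it must not overlap the GatewaySubnet.
create_integration_subnet() {
  if cidrs_overlap "$APP_SUBNET_PREFIX" "$GW_SUBNET_PREFIX"; then
    echo "refusing: $APP_SUBNET_PREFIX overlaps GatewaySubnet $GW_SUBNET_PREFIX" >&2
    return 1
  fi
  run az network vnet subnet create \
    --resource-group "$RG" --vnet-name "$VNET" \
    --name "$APP_SUBNET" --address-prefixes "$APP_SUBNET_PREFIX" \
    --delegations Microsoft.Web/serverFarms
}

# Step 2: attach the Web App to that subnet (regional VNet integration).
# No VPN gateway is involved, so the Basic policy-based gateway can stay.
add_vnet_integration() {
  run az webapp vnet-integration add \
    --resource-group "$RG" --name "$WEBAPP" \
    --vnet "$VNET" --subnet "$APP_SUBNET"
}

# Step 3: by default only RFC 1918 destinations are sent into the VNet.
# If the on-premises hosts have public addresses, route everything there
# so the site-to-site tunnel actually sees the traffic.
route_all_traffic() {
  run az webapp config set \
    --resource-group "$RG" --name "$WEBAPP" \
    --vnet-route-all-enabled true
}

# Step 4: confirm the local network gateway advertises the two on-premises
# hosts (xx.x.x.10/32 and xx.x.x.12/32 in the question); otherwise the VNet
# has no route to them even though the Web App is now inside it.
show_onprem_prefixes() {
  run az network local-gateway show \
    --resource-group "$RG" --name "$LNG" \
    --query "localNetworkAddressSpace.addressPrefixes" -o tsv
}

connect_webapp_to_vnet() {
  create_integration_subnet
  add_vnet_integration
  route_all_traffic
  show_onprem_prefixes
}

# Usage: DRY_RUN=1 sh connect.sh --apply   (prints the commands)
#        sh connect.sh --apply             (runs them in the logged-in subscription)
if [ "${1:-}" = "--apply" ]; then connect_webapp_to_vnet; fi
```

Run it with `DRY_RUN=1` first to review the exact commands; the overlap guard exists because a subnet that collides with the GatewaySubnet is the one mistake the CLI will not catch until the create call fails, and the Web App's App Service plan must be a tier that supports VNet integration (not Free or Shared).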