Home / user-606059

skrl's questions

Martin Hope
skrl
Asked: 2020-12-17 01:16:12 +0800 CST
  • 0

I have 3 Azure webapps that need to be able to connect with each other.

One running the FE website - that needs to be accessed from the outside.

The other two i just running services that the FE site uses. There is no need for these to be open for public access and I would therefore like to restrict this.

What is the best way to restrict public acces to the two webapps, but still allow public acces to the FE site?

networking azure azure-web-apps
Martin Hope
skrl
Asked: 2020-12-16 12:15:27 +0800 CST
  • 2

I have an Azure Web App that needs to connect to the addresses xx.x.x.10 and xx.x.x.12 the customers on-premise server. For this purpose the Customer have setup a Policy based VPN (Cisco ASA 9.8) with public IP yyy.yy.y.y

While trying to get to obtain this connection to the on-premise service, I have for now created the following resources:

  • a Local Network Gateway with
    • IPaddress yyy.yy.y.y
    • Address spaces xx.x.x.10/32 and xx.x.x.12/32
  • a VNet with
    • Address space 10.0.0.0/16
    • GatewaySubnet 10.0.255.0/24
  • a Public IP: zzz.zz.z.z
  • a Virtual Network Gateway
    • Sku: Basic
    • VPN: PolicyBased
    • Subnet: GatewaySubnet (10.0.255.0/24)
    • Public IP: zzz.zz.z.z
  • a Site-to-site connection between the Local Network Gateway and the Virtual Network Gateway

Since the Virtual Network Gateway needs to be Policy-based, it (as I see it):

  • has to be Basic Sku
  • is restricted to maximum one site-to-site connection
  • cannot have point-to-site connections

Will it somehow be possible for me to get my web app in contact with the on-premise server? and in that case that what am I still missing to make it work? or is it required that the VPN is changed to a route-based?

vpn connection azure azure-web-apps point-to-site-vpn