Unable to connect to Azure VM using Private IP Address after setting up Point to Site VPN

anil kumar 1,641 Reputation points
2021-07-16T11:33:17.63+00:00

Hello,

For learning purposes, I created a Virtual Network Gateway and then configured a Point to Site VPN connection. After setting up the VPN connection on an Azure VM, I am able to access a website and RDP to another VM using its public IP address successfully, even though the source VM and destination VM were in different VNets and there was no peering between them. I concluded the VPN is working as expected.

Then I tried to RDP to an Azure VM using its private IP address and it didn't work. I remember that last time I was able to connect to an Azure VM using its private IP address after configuring Bastion on it.

Please help me with:

  1. I am not sure whether I can connect to a VM using its private IP only from a Bastion host, or whether there are some other use cases as well?
  2. How come the VPN doesn't allow me to connect to a VM using its private IP, since Azure internally would be using the private IP, as the public IP of a resource might change?
  3. Is there a way to connect to an Azure VM using its private IP from my laptop, provided there is no VPN set up and AD is not federated?

I appreciate your insightful response, thank you!


Accepted answer
  1. GitaraniSharma-MSFT 47,416 Reputation points Microsoft Employee
    2021-07-19T14:29:08.427+00:00

    Hello @anil kumar ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    1) Azure Bastion is a service that lets you connect to a virtual machine using your browser and the Azure portal. Azure Bastion opens the RDP/SSH connection to your Azure virtual machine using private IP on your VM. You don't need a public IP on your virtual machine.
    Reference : https://learn.microsoft.com/en-us/azure/bastion/bastion-overview
    https://learn.microsoft.com/en-us/azure/bastion/tutorial-create-host-portal

    2) P2S VPN should allow you to connect to a VM using its private IP. May I know where the VPN client is installed? Are you accessing the Azure VM from your local laptop via the Azure VPN client?
    From your initial statement: "Setup the VPN connection on Azure VM, I am able a access a website and RDP another VM using it's public IP address successfully even though source VM and destination VM were in different VNets and there was no peering between them." - I understand that your P2S VPN setup is completely on Azure. Is that correct? You have 2 VNets. You are using one VNet as Azure and the other VNet as on-prem, and have installed the P2S VPN on the other VNet's VM.
    Do you have any overlapping address spaces between Azure and your on-prem setup? Is the P2S VPN address pool setup correctly and not overlapping? You can also try resetting the Azure VPN gateway once and check again.
    References : https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal#addresspool
    https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-troubleshoot-vpn-point-to-site-connection-problems#the-point-to-site-vpn-connection-is-established-but-you-still-cannot-connect-to-azure-resources

    3) The only way to connect to an Azure VM using its private IP from your laptop (provided there is no VPN set up and AD is not federated) would be via a Bastion host.

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

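The address-plan checks from point 2 of the accepted answer (a P2S client address pool that overlaps a VNet address space, and whether a private destination falls inside a space the gateway advertises), as an added example that is not part of the original thread. The VNet names and prefixes below are constructed for illustration; this models only the address plan, not NSG rules or the guest firewall.

```python
import ipaddress

# Constructed sample topology (not from the thread): one VNet plays "Azure",
# the other plays "on-prem", as the accepted answer describes.
VNET_SPACES = {
    "hub-vnet": ["10.1.0.0/16"],
    "spoke-vnet-as-onprem": ["10.2.0.0/16"],
}
GOOD_POOL = "172.16.201.0/24"   # disjoint from every VNet prefix
BAD_POOL = "10.1.200.0/24"      # carved out of hub-vnet: an overlap


def find_overlaps(client_pool, vnet_spaces):
    """Return [(vnet_name, prefix)] for every VNet prefix the P2S pool overlaps."""
    pool = ipaddress.ip_network(client_pool, strict=False)
    hits = []
    for name, prefixes in vnet_spaces.items():
        for prefix in prefixes:
            if pool.overlaps(ipaddress.ip_network(prefix, strict=False)):
                hits.append((name, prefix))
    return hits


def reachable_via_tunnel(dest_ip, client_pool, vnet_spaces):
    """Decide whether a private destination should be reachable over the P2S
    tunnel from the address plan alone. Returns (ok, reason)."""
    dest = ipaddress.ip_address(dest_ip)
    overlaps = find_overlaps(client_pool, vnet_spaces)
    if overlaps:
        # An overlapping pool breaks routing even though the tunnel comes up.
        name, prefix = overlaps[0]
        return False, f"client pool {client_pool} overlaps {name} {prefix}"
    for name, prefixes in vnet_spaces.items():
        for prefix in prefixes:
            if dest in ipaddress.ip_network(prefix, strict=False):
                return True, f"{dest_ip} is in {name} ({prefix}), routed via tunnel"
    # Destinations outside every advertised space never enter the tunnel.
    return False, f"{dest_ip} is in no VNet address space the gateway advertises"


if __name__ == "__main__":
    print(find_overlaps(BAD_POOL, VNET_SPACES))
    print(reachable_via_tunnel("10.1.0.4", GOOD_POOL, VNET_SPACES))
    print(reachable_via_tunnel("192.168.1.10", GOOD_POOL, VNET_SPACES))
```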

2 additional answers

  1. Jagadeeskumar Lenin 121 Reputation points
    2022-03-08T06:04:00.293+00:00

    Hello team,

    Now let me explain my scenario: I created a site-to-site VPN (on-prem to Azure environment) and the connection status is success. But pinging the private IP is not working; I got "request timeout". May I know what the reason for that is?

  2. VK 26 Reputation points
    2022-08-06T11:40:53.533+00:00

    After turning off Windows Firewall from the Server Manager dashboard it may work.
    By default it was on, so I was unable to open an RDP session using the private IP; after turning it off it works.
