S2S IP Sec vpn - Accessing local resource from internet

Zakdxb 1 Reputation point
2022-10-10T11:44:28.967+00:00

Hello,

I've a local machine (on-premise in the office) with an ip address 192.168.1.x

I would like to access my local machine using the Azure Virtual Gateway : 20.74.131.55

Example , If I do RDP to 20.74.131.55: 3389, then it should connect me to a machine sitting on in my office (ip address: 192.168.1.x)

Note: Site to Site VPN tunnel is up and connected. I'm having Fortinet 100D FW at on-premise.

Scenario is I'm at home and I would like to do the RDP to 20.74.131.55 and it should connect me to 192.168.1.x

Can someone help what configuration i need do and if there is any additional resource I need to add to accomplish the goal.

Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,411 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. KapilAnanth-MSFT 37,566 Reputation points Microsoft Employee
    2022-10-10T12:55:09.12+00:00

    Hi @Zakdxb ,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
    I understand that you would like to use Azure VPN gateway to establish RDP session to a OnPrem machine from your local machine.

    There is a way to achieve this, but not the way you intend to.

    Directly accessing the IP address of Azure VPN gateway, doing a NAT and connecting to an OnPrem resource is not possible.
    We cannot make Azure VPN gateway listen on custom Ports and do any sort of NAT configuration.

    Method #1

    • You would need a Jump VM sitting in Azure Virtual Network (attached to the VPN gateway) with Public IP Address.
    • You should RDP to this JumpVM normally, and from here, you can RDP to any of the require OnPrem resource

    Method #2

    Alternative Method

    • This does not use Azure VPN gateway, or Azure at all.
    • If your OnPrem VPN device supports NATing, you can directly access the IP of the Firewall at OnPrem and make it NAT to the desired OnPrem device

    I hope this explains the various possibilities.

    Thanks,
    Kapil

    ----------------------------------------------------------------------------------------------------------------

    Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.