Communication between two Azure virtual networks



I have attached here the snap taken from the link below:256028-azure-vnets.png

The highlighted sentence confused me. I understand that because of the default inbound security rule "AllowVNetInBound", VM's in two separate virtual networks be able to communicate with each other via their respective public addresses. Please correct me otherwise.

Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,227 questions
{count} votes

Accepted answer
  1. Alan Kinane 16,796 Reputation points MVP

    Virtual Networks are isolated from each other by default unless you connect them (usually by using VNET Peering), this allows those resources to communicate via their private IP addresses. The AllowVnetInBound rule is pre-configured to allow traffic within any connected VNETs, note the source and destination on this rule are both VirtualNetwork.

    If the VNETs are not connected then you use public IP addresses instead but you would need to add an Inbound access rule to your network security group as this traffic is denied by default due to the pre-configured DenyAllInBound rule which has a source and destination of Any.

2 additional answers

Sort by: Most helpful
  1. Michael Durkan 12,166 Reputation points MVP


    this is where VNET Peering comes in. You need to create peering between the 2 Virtual Networks in order for them to communicate with each other.

    As the statement says, each Virtual Network is an isolated portion of the Azure Public network. You need to create peering so that the resources behind each NSG in each VNET can communicate with each other across the Azure Backbone network using their private IP Addresses.

    Check the link here for more details:


    Michael Durkan

    • If the reply was helpful please upvote and/or accept as answer as this helps others in the community with similar questions. Thanks!
    0 comments No comments

  2. Preetha Rajesh 51 Reputation points

    Hi @MohammedShaifal-2799

    The default inbound security rule “AllowVNetInbound” will not allow VMs in two separate virtual network to communicate with each other. You need to enable additional capabilities as mentioned in the below link,other%20route%2C%20to%20the%20Internet.

    AllowVnetinbound rule permits all the hosts inside the virtual network to communicate with each other.

    The above article will help you to get more insights on basic concepts of networking.

    Thank You!


    0 comments No comments