Share via

Establishing RDP Connection to Azure VM over Azure VPN Gateway

Anonymous
2022-11-05T12:29:14.16+00:00

Hi All,

Can you help me with the following?

"I had created a VM in azure with just the 3 default NSG inbound and outbound rules each. I had setup a P2S connection to this VM from my local client machine. I also had disassociated the public IP from the VM's network interface. Now, before I RDP onto the VM's private IP from my machine over the VPN tunnel, I just wanted to know whether this works. If yes, I am curious to know how is it possible to RDP onto the VM's private IP if no RDP ports are opened? "

Appreciate your responses!!

Azure VPN Gateway
Azure VPN Gateway

An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.

0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. KapilAnanth 49,876 Reputation points Moderator
    2022-11-07T12:25:23.297+00:00

    Hi @Anonymous ,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
    I understand that you would like to understand more about P2S VPN gateway connectivity.

    When you configure VPN Gateway and establish a S2S/P2S Connection, all the VMs in Azure and Servers in OnPrem/Remote form a single private network.

    The routes to this network range are automatically updated in the default routes of the VMs.
    So, unless there is any Firewall blocking inside the OS of the VM, RDP via Private IP range should work regardless of whether or not we have a NSG on the subnet/NIC

    Refer: Optional default routes
    257921-image.png

    P.S:

    • NSGs do not open/close a port.
    • NSGs only block/allow traffic to the ports mentioned in the rule
    • They do not have any visibility if the Port is open or closed in the first place.

    I hope this helps.
    Please let us know if you are facing issues with RDP to the VM from your P2S Clients.

    Thanks,
    Kapil

    ----------------------------------------------------------------------------------------------------------------

    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

  2. msrini-MSFT 9,311 Reputation points Microsoft Employee
    2022-11-05T15:04:48.857+00:00

    Hi,

    Yes it should work. In the default rules, there is a allow rule for any any inbound virtual network traffic. Your P2S client address gets added there. So, it should work.

    Regards,
    Karthik Srinivas

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.