Establishing RDP Connection to Azure VM over Azure VPN Gateway

Anonymous
2022-11-05T12:29:14.16+00:00

Hi All,

Can you help me with the following?

"I had created a VM in Azure with just the 3 default NSG inbound and outbound rules each. I had set up a P2S connection to this VM from my local client machine. I also had disassociated the public IP from the VM's network interface. Now, before I RDP onto the VM's private IP from my machine over the VPN tunnel, I just wanted to know whether this works. If yes, I am curious to know how it is possible to RDP onto the VM's private IP if no RDP ports are opened?"

Appreciate your responses!!


2 answers

  1. msrini-MSFT 9,256 Reputation points Microsoft Employee
    2022-11-05T15:04:48.857+00:00

    Hi,

    Yes, it should work. In the default rules, there is an allow rule for any any inbound virtual network traffic. Your P2S client address gets added there. So, it should work.

    Regards,
    Karthik Srinivas


  2. KapilAnanth-MSFT 35,001 Reputation points Microsoft Employee
    2022-11-07T12:25:23.297+00:00

    Hi @Anonymous ,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
    I understand that you would like to understand more about P2S VPN gateway connectivity.

    When you configure VPN Gateway and establish a S2S/P2S Connection, all the VMs in Azure and Servers in OnPrem/Remote form a single private network.

    The routes to this network range are automatically updated in the default routes of the VMs.
    So, unless there is any Firewall blocking inside the OS of the VM, RDP via Private IP range should work regardless of whether or not we have an NSG on the subnet/NIC.

    Refer: Optional default routes

    P.S:

    • NSGs do not open/close a port.
    • NSGs only block/allow traffic to the ports mentioned in the rule.
    • They do not have any visibility into whether the port is open or closed in the first place.

    I hope this helps.
    Please let us know if you are facing issues with RDP to the VM from your P2S Clients.

    Thanks,
    Kapil

    ----------------------------------------------------------------------------------------------------------------

    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.
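
The rule evaluation both answers describe, as an added example that is not part of the original thread or Microsoft's code: a small Python model of how an NSG picks the first matching inbound rule by priority, using Azure's three default inbound rules. The address ranges, the `DenyRdpFromP2S` rule and the function names are constructed assumptions; placing the P2S pool inside the `VirtualNetwork` tag follows the first answer.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int
    name: str
    source: str   # service tag, CIDR, or "*"
    dest: str
    port: str     # single port or "*"
    access: str

# Azure's default inbound rules (present in every NSG, cannot be deleted).
DEFAULT_INBOUND = [
    Rule(65000, "AllowVnetInBound", "VirtualNetwork", "VirtualNetwork", "*", "Allow"),
    Rule(65001, "AllowAzureLoadBalancerInBound", "AzureLoadBalancer", "*", "*", "Allow"),
    Rule(65500, "DenyAllInBound", "*", "*", "*", "Deny"),
]

VNET_SPACE = "10.1.0.0/16"     # constructed VNet address space
P2S_POOL = "172.16.201.0/24"   # constructed P2S client address pool

def service_tags(p2s_configured=True):
    # Per the first answer, the P2S client range becomes part of VirtualNetwork.
    vnet = [VNET_SPACE] + ([P2S_POOL] if p2s_configured else [])
    return {"VirtualNetwork": vnet, "AzureLoadBalancer": ["168.63.129.16/32"]}

def _matches(field, ip, tags):
    if field == "*":
        return True
    prefixes = tags.get(field, [field])   # a non-tag value is treated as a CIDR
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(p) for p in prefixes)

def evaluate(src, dst, port, extra_rules=(), p2s_configured=True):
    """Return (access, rule name) of the lowest-priority-number matching rule."""
    tags = service_tags(p2s_configured)
    for r in sorted([*extra_rules, *DEFAULT_INBOUND], key=lambda r: r.priority):
        if (_matches(r.source, src, tags) and _matches(r.dest, dst, tags)
                and r.port in ("*", str(port))):
            return r.access, r.name
    return "Deny", "no-match"

if __name__ == "__main__":
    client, vm = "172.16.201.5", "10.1.0.4"
    print(evaluate(client, vm, 3389))            # P2S client over the tunnel
    print(evaluate("203.0.113.10", vm, 3389))    # Internet source
    lock = [Rule(200, "DenyRdpFromP2S", P2S_POOL, "*", "3389", "Deny")]
    print(evaluate(client, vm, 3389, extra_rules=lock))
```

The model covers only the NSG decision; as the second answer notes, a firewall inside the VM's OS can still block the connection. The last case shows that limiting which VPN clients may reach RDP takes an explicit rule with a lower priority number than 65000.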