Routing Inbound traffic from VPN Tunnel (S2S) to a Public IP of LoadBalancer in Azure

Govinda Kavoor


We have set up an S2S VPN from Azure to on-prem (Cisco) successfully using just the Azure services like VPN Gateway, Local Gateway and Connection.

However, my client's (who is on-prem) requirement is that he will send data only to a public IP and through the established VPN tunnel.

They don't want to use private IPs as they have hundreds of tunnels with different clients.

We are unable to route the data coming from the tunnel to our load balancer's public IP. We tried with a VM also for testing purposes, but were unable to set up the route successfully.

Appreciate it if any of you can help.


Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.

1 answer

  1. KapilAnanth-MSFT (Microsoft Employee)

    @Govinda Kavoor

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I understand that you would like to advertise the Public IP of Azure Load Balancer via S2S Tunnel.

    Unfortunately, this won't be feasible.

    • Azure VPN Gateway can only advertise the VNet range via the S2S Tunnel.
    • The IP address of the Load Balancer will be advertised to the internet only from the Azure end (it does not belong to the VNet, i.e., the LB is not bound to any VNet).
    • The use case of VPN Gateway is to provide encryption for the private range only, not for public IPs.

    In case encryption is your priority,

    Kindly let us know if the above helps or you need further assistance on this issue.



    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.
