How to block Public IP access and only allow Private IP access in Virtual Machine through VPN only

Rocky Mondal 96 Reputation points
2023-02-27T07:40:47.8866667+00:00

Hi,

We have a virtual machine in Azure with a public IP and a private IP. But we want to block public IP access and only allow connecting to the VM via its private IP through a VPN connection. How do we configure this using an NSG (network security group)? We don't want to procure and use Azure Firewall.

Please help; it would be very helpful if you could share the steps in detail.

Azure Virtual Machines
Azure
Azure Virtual Network

2 answers

  1. vipullag-MSFT 23,856 Reputation points Microsoft Employee
    2023-02-27T08:02:55.6866667+00:00

    Hello Rocky Mondal

    Welcome to Microsoft Q&A Platform, thanks for posting your query here.

    To block public IP access and allow only private IP access to your Azure virtual machine through VPN, you can configure an NSG to achieve this.

    - Create a Network Security Group (NSG) and associate it with your Azure virtual machine.

    - Add an inbound security rule to the NSG to allow traffic from the VPN Gateway to the virtual machine.

    • Navigate to the NSG and click on "Inbound security rules" from the left-hand menu.
    • Click on "Add" to add a new rule.
    • Give a name to the rule, select "Any" as the source IP address, and select "VirtualNetwork" as the source type.
    • Select "Custom" as the service, and then select "TCP" as the protocol type and enter the port number you want to allow.
    • Select "Allow" as the action and then click on "Add" to add the rule. Ref: https://learn.microsoft.com/en-us/azure/virtual-network/tutorial-filter-network-traffic

    - Add an outbound security rule to the NSG to allow traffic from the virtual machine to the VPN Gateway.

    • Navigate to the NSG and click on "Outbound security rules" from the left-hand menu.
    • Click on "Add" to add a new rule.
    • Give a name to the rule, select "VirtualNetwork" as the destination type, and select "Any" as the destination IP address.
    • Select "Custom" as the service, and then select "TCP" as the protocol type and enter the port number you want to allow.
    • Select "Allow" as the action and then click on "Add" to add the rule.

    - Configure the VPN Gateway to allow traffic from the virtual network to the internet.

    With the above configuration, your Azure virtual machine will only allow connections through VPN and block all public IP addresses. Hope this helps.

    If the suggested response helped you resolve your issue, please 'Accept as answer', so that it can help others in the community looking for help on similar topics.

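The NSG behaviour the answer relies on, as an added offline model that is not code from this thread or from Microsoft: it evaluates inbound rules the way Azure does (ascending priority number, first match decides, built-in default rules behind the custom ones), so you can check that a VPN-connected source on the allowed port is admitted while a public source falls through to the default DenyAllInBound. The address ranges, rule names and port are constructed assumptions.

```python
import ipaddress

# Constructed (assumption, not from the thread): the VNet address space plus the on-premises
# range learned over the VPN gateway. Azure includes both in the VirtualNetwork service tag,
# which is why a rule with source "VirtualNetwork" admits VPN-connected clients.
VIRTUAL_NETWORK = ["10.0.0.0/16", "192.168.100.0/24"]

# Two of Azure's built-in default inbound rules (the load-balancer rule is omitted for brevity).
DEFAULT_RULES = [
    {"name": "AllowVnetInBound", "priority": 65000, "access": "Allow",
     "protocol": "*", "source": "VirtualNetwork", "dest_ports": "*"},
    {"name": "DenyAllInBound", "priority": 65500, "access": "Deny",
     "protocol": "*", "source": "*", "dest_ports": "*"},
]

# The custom inbound rule the answer describes: one TCP port, source VirtualNetwork.
CUSTOM_RULES = [
    {"name": "AllowVpnRdp", "priority": 100, "access": "Allow",
     "protocol": "Tcp", "source": "VirtualNetwork", "dest_ports": "3389"},
]

def source_matches(spec, src_ip):
    """Match an NSG source field: '*', a service tag, or a CIDR prefix."""
    ip = ipaddress.ip_address(src_ip)
    if spec == "*":
        return True
    if spec == "VirtualNetwork":
        return any(ip in ipaddress.ip_network(p) for p in VIRTUAL_NETWORK)
    if spec == "Internet":  # simplification: everything outside the VirtualNetwork tag
        return not source_matches("VirtualNetwork", src_ip)
    return ip in ipaddress.ip_network(spec, strict=False)

def port_matches(spec, port):
    """Match '*', a single port, a 'lo-hi' range, or a comma-separated list of those."""
    if spec == "*":
        return True
    for item in spec.split(","):
        lo, _, hi = item.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def evaluate_inbound(custom_rules, src_ip, dst_port, protocol="Tcp"):
    """NSG semantics: rules are tried by ascending priority number; the first match decides."""
    for rule in sorted(custom_rules + DEFAULT_RULES, key=lambda r: r["priority"]):
        if rule["protocol"] not in ("*", protocol):
            continue
        if source_matches(rule["source"], src_ip) and port_matches(rule["dest_ports"], dst_port):
            return rule["access"], rule["name"]
    return "Deny", "implicit"
```

Appending an "Allow from * on 3389" rule, of the kind a portal-created VM often carries, flips the public-source result to Allow, which is exactly the rule to look for and delete when auditing an NSG for this setup.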

  2. msrini-MSFT 9,251 Reputation points Microsoft Employee
    2023-03-10T19:11:33.8866667+00:00

    Hi,

    Can you remove the public IP and just use the private IP, which can be connected to via VPN?

    Regards,

    Karthik Srinivas
