APIM Private Endpoint is not resolved to private IP, but to public IP instead

Michal Jarzab 31 Reputation points

Hello Community,

We have crated APIM service, which is publicly accessible from the Internet (APIM -> Network -> Virtual Network set to None).

Our goal is to have the APIM service to be accessible from the Internet to external clients, however to our internal departments it should be accessed via Internal network private IP address.

For this purpose we have configured Private Link on APIM service and established vnet peering between vnet for our internal department and vnet where APIM's private endpoint is created (additional NIC interface).

Our problem is that whenever we try to reach APIM's gateway from an internal department's VM, the public IP of APIM is resolved instead the private one ( - NIC interface IP of private endpoint).

When we execute nslookup <APIM_name>.azure-api.net we can see that private DNS zone is used to resolve the IP, however the IP is resolved to public one, instead of private one....

The result of nslookup <APIM_name>.azure-api.net command is:

<apim_name>.azure-api.net canonical name = <apim_name>.privatelink.azure-api.net.

<apim_name>.privatelink.azure-api.net canonical name = <some_random_string>.trafficmanager.net.

<some_random_string>.trafficmanager.net canonical name = <apim_name>-westeurope-01.regional.azure-api.net.

<apim_name>-westeurope-01.regional.azure-api.net canonical name = <some_random_string>.westeurope.cloudapp.azure.com.


Address: 20.X.X.X

The expected result by us would be the private IP resolved
Can someone please explain what we are doing wrong?

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
1,740 questions
A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.
933 questions
Azure Private Link
Azure Private Link
An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.
461 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Michal Jarzab 31 Reputation points

    I've found the missing part.

    To have that working I needed to add Virtual Private Link in Private DNS zone pointing to my second (peered) vnet.

    Then everything works as expected.

    1 person found this answer helpful.