This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 84%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMJ%3C/text%3E%3C/svg%3E)
Hello Community,
We have crated APIM service, which is publicly accessible from the Internet (APIM -> Network -> Virtual Network set to None).
Our goal is to have the APIM service to be accessible from the Internet to external clients, however to our internal departments it should be accessed via Internal network private IP address.
For this purpose we have configured Private Link on APIM service and established vnet peering between vnet for our internal department and vnet where APIM's private endpoint is created (additional NIC interface).
Our problem is that whenever we try to reach APIM's gateway from an internal department's VM, the public IP of APIM is resolved instead the private one (10.2.0.4 - NIC interface IP of private endpoint).
When we execute nslookup <APIM_name>.azure-api.net we can see that private DNS zone is used to resolve the IP, however the IP is resolved to public one, instead of private one....
The result of nslookup <APIM_name>.azure-api.net command is:
<apim_name>.azure-api.net canonical name = <apim_name>.privatelink.azure-api.net.
<apim_name>.privatelink.azure-api.net canonical name = <some_random_string>.trafficmanager.net.
<some_random_string>.trafficmanager.net canonical name = <apim_name>-westeurope-01.regional.azure-api.net.
<apim_name>-westeurope-01.regional.azure-api.net canonical name = <some_random_string>.westeurope.cloudapp.azure.com.
Name:<some_random_string>.westeurope.cloudapp.azure.com
Address: 20.X.X.X
The expected result by us would be the private IP resolved
**Address: 10.2.0.4
**
Can someone please explain what we are doing wrong?
Update:
I have found that when I create a VM in the same vnet where APIM's private endpoint is located and run nslookup <APIM_name>.azure-api.net on that vm, then IP is resolved correctly to the local one 10.2.0.4
However, when I run the same command from vm which is located in a different vnet (which is in fact peered with the APIM's private endpoint vnet), then the IP is resolved incorrectly to the public one.
Should I configure anything more except vnet peering, to have my APIM being discovered via private IP from a different vnet?
I've found the missing part.
To have that working I needed to add Virtual Private Link in Private DNS zone pointing to my second (peered) vnet.
Then everything works as expected.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 10%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Michal Jarzab Glad that you figured it out and thanks for sharing it with the community. Let us know if you have any other questions.