Hello Community,
We have created an APIM service, which is publicly accessible from the Internet (APIM -> Network -> Virtual Network set to None).
Our goal is to have the APIM service accessible from the Internet to external clients; however, our internal departments should access it via the internal network private IP address.
For this purpose we have configured Private Link on APIM service and established vnet peering between vnet for our internal department and vnet where APIM's private endpoint is created (additional NIC interface).
Our problem is that whenever we try to reach APIM's gateway from an internal department's VM, the public IP of APIM is resolved instead of the private one (10.2.0.4 - NIC interface IP of private endpoint).
When we execute nslookup <APIM_name>.azure-api.net we can see that the private DNS zone is used to resolve the IP, however the IP is resolved to the public one instead of the private one...
The result of the nslookup <APIM_name>.azure-api.net command is:
<apim_name>.azure-api.net canonical name = <apim_name>.privatelink.azure-api.net.
<apim_name>.privatelink.azure-api.net canonical name = <some_random_string>.trafficmanager.net.
<some_random_string>.trafficmanager.net canonical name = <apim_name>-westeurope-01.regional.azure-api.net.
<apim_name>-westeurope-01.regional.azure-api.net canonical name = <some_random_string>.westeurope.cloudapp.azure.com.
Name:<some_random_string>.westeurope.cloudapp.azure.com
Address: 20.X.X.X
The expected result by us would be the private IP resolved:
**Address: 10.2.0.4**
Can someone please explain what we are doing wrong?
I've found the missing part.
To have that working I needed to add a Virtual Private Link in the Private DNS zone pointing to my second (peered) vnet.
Then everything works as expected.
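A check for the symptom in this thread, as an added example that is not part of the original posts: it parses `nslookup` output and flags a lookup that passes through the privatelink alias but still ends at a non-RFC 1918 address. The host names, the sample outputs and the function names are constructed for illustration; only `10.2.0.4` and the zone suffix come from the question.

```python
import ipaddress
import re

# RFC 1918 ranges, listed explicitly; a private endpoint NIC gets one of these.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CNAME_RE = re.compile(r"^(\S+?)\.?\s+canonical name = (\S+?)\.?$")
ADDR_RE = re.compile(r"^Address:\s*(\d{1,3}(?:\.\d{1,3}){3})$")

# Constructed sample output (hypothetical names, documentation-range public IP).
SAMPLE_BEFORE = """\
Server:   168.63.129.16
Address:  168.63.129.16#53

Non-authoritative answer:
example-apim.azure-api.net canonical name = example-apim.privatelink.azure-api.net.
example-apim.privatelink.azure-api.net canonical name = example-tm.trafficmanager.net.
Name: example-tm.trafficmanager.net
Address: 203.0.113.10
"""
SAMPLE_AFTER = """\
example-apim.azure-api.net canonical name = example-apim.privatelink.azure-api.net.
Name: example-apim.privatelink.azure-api.net
Address: 10.2.0.4
"""

def parse_nslookup(output):
    """Return (cname_pairs, answer_addresses); the resolver's own address is skipped."""
    chain, addresses, in_answer = [], [], False
    for line in map(str.strip, output.splitlines()):
        cname, addr = CNAME_RE.match(line), ADDR_RE.match(line)
        if cname:
            chain.append((cname.group(1).lower(), cname.group(2).lower()))
        if cname or line.startswith("Name:"):
            in_answer = True
        elif addr and in_answer:
            addresses.append(ipaddress.ip_address(addr.group(1)))
    return chain, addresses

def diagnose(output, zone="privatelink.azure-api.net"):
    """Classify a lookup as 'private', 'public', 'public-via-privatelink' or 'no-answer'."""
    chain, addresses = parse_nslookup(output)
    if not addresses:
        return "no-answer"
    if all(any(a in net for net in RFC1918) for a in addresses):
        return "private"
    # The alias into the privatelink zone was followed out to public DNS: the
    # symptom in the question, fixed there by linking the zone to the peered VNet.
    via_zone = any(target.endswith("." + zone) for _, target in chain)
    return "public-via-privatelink" if via_zone else "public"
```

Running `diagnose` on lookups taken from a VM in each peered VNet shows which networks still resolve the gateway to its public address.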