Can't connect to on premises Database over site2site VPN from Azure Web App

Question

I've create an app service which need to connect a database which is on my on-premises network (Oracle on Port 1521) and i used VNET integration on the app service, but still it can't connect.

To make sure it's not a Site-site problem i've create another subnet in the same Vnet with a simple VM and i was able to connect to that resource through the VPN.

I've connected the same Network Security Group and route table to both subnets.

The app serviceplan that was connected to the service was the Basic plan and according to the documentation VNET intergration should work on that plan.

If needed i can recreate the app again

Answer 1

@Ed Commandeur

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

I understand that you would like to establish a connection with VNET Integrated App Service and OnPrem server on Port 1521.

I see you have mentioned the above works with a VM with same NSG and UDR.

• One thing I would like to get clarified is why is there a UDR involved here?
• Isn't the VNet a Hub or Spoke? (in any case, you wouldn't need a UDR to route OnPremises traffic)
• If you are routing the traffic through a custom NVA, I would suggest you directly route the traffic to OnPrem and test this out.
• While the VM may work as expected, there is still a chance that the NVA is blocking the traffic from App Service Subnet.
• In case the NVA is Azure Firewall, can you check the logs and see if it's allowing or blocking.

Wrt DNS,

• Are you accessing the OnPrem server using a FQDN or IP?
• If you are using a FQDN, please make sure the DNS works fine using the Kudu : https://learn.microsoft.com/en-us/azure/app-service/resources-kudu

Cheers,

Kapil