Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you would like to establish a connection with VNET Integrated App Service and OnPrem server on Port 1521.
I see you have mentioned the above works with a VM with same NSG and UDR.
- One thing I would like to get clarified is why is there a UDR involved here?
- Isn't the VNet a Hub or Spoke? (in any case, you wouldn't need a UDR to route OnPremises traffic)
- If you are routing the traffic through a custom NVA, I would suggest you directly route the traffic to OnPrem and test this out.
- While the VM may work as expected, there is still a chance that the NVA is blocking the traffic from App Service Subnet.
- In case the NVA is Azure Firewall, can you check the logs and see if it's allowing or blocking.
- Are you accessing the OnPrem server using a FQDN or IP?
- If you are using a FQDN, please make sure the DNS works fine using the Kudu : https://learn.microsoft.com/en-us/azure/app-service/resources-kudu