Azure VPN to access US website

Satya Rekapalli 40 Reputation points

Hello ,

I am trying to access the website which was hosted in US region using the Azure VPN(us region ) but we are getting error 16 while accessing it … is there any configuration needs to be changed to the current AZure VPN client or need to create a new Azure VPN ?? If yes what is the configuration to create the new azure vpn ? To access the website which was restricted out of us region ?


Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,210 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Konstantinos Passadis 13,771 Reputation points

    Hello @Satya Rekapalli!

    Error 16 typically refers to a Cloudflare error indicating that the client IP address is blocked due to geographical restrictions or IP-based blocking. This suggests that the website you are trying to access has restrictions in place for non-US IP addresses.

    To access the website using an Azure VPN from a non-US region, you will need to configure your VPN to route traffic through a US-based IP address. You can do this by creating a new Azure VPN Gateway with a public IP address located in the US region.

    Here are the steps to create a new Azure VPN Gateway and configure it to route traffic through a US-based IP address:

    In the Azure portal, navigate to the Virtual network gateway resource for your existing Azure VPN Gateway.
    Click on the "Create gateway" button to create a new Azure VPN Gateway.
    In the "Basics" tab of the "Create virtual network gateway" wizard, select the following options:
        Gateway type: VPN
        VPN type: Route-based
        SKU: VpnGw1 (or higher, depending on your requirements)
        Virtual network: Select the virtual network where your existing Azure VPN is deployed
    In the "IP configuration" tab, select "Add IP address" and enter a name and a public IP address located in the US region.
    In the "Review + create" tab, review your configuration and click on "Create" to create the new Azure VPN Gateway.
    Once the new Azure VPN Gateway is created, you will need to update your Azure VPN client configuration to use the new gateway. To do this, update the "Remote gateway" configuration in your VPN client to use the public IP address of the new Azure VPN Gateway.
    Finally, test your VPN connection to ensure that you are able to access the website from a US-based IP address.

    Keep in mind that some websites may have additional restrictions in place beyond geographical blocking, so you may need to work with the website owner to ensure that you are able to access the website from outside of the US.

    In case this was helpful kindly mark it as Accepted!


    1 person found this answer helpful.
    0 comments No comments

  2. KapilAnanth-MSFT 28,021 Reputation points Microsoft Employee

    @Satya Rekapalli

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    You have a URL that restricts access only to US users.

    You are looking at alternative ways to access this site.

    As the URL is provided by your client, you should reach out to your client and ask them to provide access via Internet (or whatever other means you might prefer).

    • Further more, to restrict access only to US sites,
    • You should ask them to deploy the app behind an App gateway
    • And use Geomatch custom rules feature of App Gateway to only provide access to US clients.

    If the website is hosted on an Azure App Service , then you can request them to create a Private endpoint and give the Private EndPoint access to you.

    Refer to : Private Endpoints for App Service apps

    Points to Note:

    Private EndPoints will only work if you have connectivity to the VNet in which the PE is created.

    To get this,

    • You can use a VPN Gateway to connect your OnPrem to the VNet(of your client) in which the PE is created. (yellow)
    • Or if you have a Azure VNet , you can Peer your VNet and the VNet (of your client) in which the PE is created. (green)
    • User's image
    • Or you can create a PE in your Vnet (cross subscription)
    • User's image

    Kindly let us know if this helps or you need further assistance on this issue.



    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

    0 comments No comments