Use Azure Public IP With On Prem VM

Question

Use Azure Public IP With On Prem VM

Taha Yaseen 1

A Customer has an on prem Firewall that connects to an Azure Virtual Network that allows us to have an On Prem/Azure hybrid. My query is, if i was to provision a public IP address in azure, what would be the best way to route it to one of our on prem VMs through the site to site connection? I have had a look around and haven't seen any similar scenarios.

This would help me in a few ways

We have run out of public IPs locally and they are rather expensive from our provider
It would make it easier for developers to expose stuff to the outside world for lab environment

ChaitanyaNaykodi-MSFT 27,386 Reputation points Microsoft Employee Moderator

2023-07-27T23:47:50.0066667+00:00
@Taha Yaseen

Thank you for reaching out.

I am not sure if I have understood your question correctly can you please confirm below details.

prem Firewall that connects to an Azure Virtual Network

Does the customer already have a Site-Site VPN configured with the Azure? and is the on-prem firewall the VPN device in this case?

If yes, is the requirement here to route the on-prem traffic via the Site-Site VPN and then to the public IP you have provisioned in Azure?

Any clarification here will be helpful.
ChaitanyaNaykodi-MSFT 27,386 Reputation points Microsoft Employee Moderator

2023-07-29T02:04:16.17+00:00

@Taha Yaseen

Just following up here to see if you were able take a look at my comment above. Thank you!
Taha Yaseen 1 Reputation point

2023-07-31T15:56:45.0633333+00:00
@ChaitanyaNaykodi-MSFT

Does the customer already have a Site-Site VPN configured with the Azure? and is the on-prem firewall the VPN device in this case?

Customer does not have any connection to azure at the moment. I have added a diagram below for reference.

If yes, is the requirement here to route the on-prem traffic via the Site-Site VPN and then to the public IP you have provisioned in Azure?

No, we would like to redirect web traffic coming from internet on any Azure service to On Premises VMs that have private IP address.
Taha Yaseen 1 Reputation point

2023-07-31T15:57:11.45+00:00

Thankyou for your support.

5 answers

Your answer

ChaitanyaNaykodi-MSFT 27,386 Reputation points Microsoft Employee Moderator

2023-07-27T23:47:50.0066667+00:00

@Taha Yaseen

Thank you for reaching out.

I am not sure if I have understood your question correctly can you please confirm below details.

prem Firewall that connects to an Azure Virtual Network

Does the customer already have a Site-Site VPN configured with the Azure? and is the on-prem firewall the VPN device in this case?

If yes, is the requirement here to route the on-prem traffic via the Site-Site VPN and then to the public IP you have provisioned in Azure?

Any clarification here will be helpful.
ChaitanyaNaykodi-MSFT 27,386 Reputation points Microsoft Employee Moderator

2023-07-29T02:04:16.17+00:00

@Taha Yaseen

Just following up here to see if you were able take a look at my comment above. Thank you!
Taha Yaseen 1 Reputation point

2023-07-31T15:56:45.0633333+00:00

@ChaitanyaNaykodi-MSFT

Does the customer already have a Site-Site VPN configured with the Azure? and is the on-prem firewall the VPN device in this case?

Customer does not have any connection to azure at the moment. I have added a diagram below for reference.

If yes, is the requirement here to route the on-prem traffic via the Site-Site VPN and then to the public IP you have provisioned in Azure?

No, we would like to redirect web traffic coming from internet on any Azure service to On Premises VMs that have private IP address.
Taha Yaseen 1 Reputation point

2023-07-31T15:57:11.45+00:00

Thankyou for your support.

Answer 1

Konstantinos Passadis 19,496 MVP

Hello @Taha Yaseen

I think i understand your issue

The services you are looking for is either

Azure NAT Gateway for Outbound Traffic

https://learn.microsoft.com/en-us/azure/nat-gateway/nat-overview

OR

Azure Traffic Manager

https://learn.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview

Probably the second one fits your case if i understand correctly !

I hope this helps!

Kindly mark the answer as Accepted and Upvote in case it helped!

Regards

Taha Yaseen 1 Reputation point

2023-07-31T15:59:58.4133333+00:00

@Konstantinos Passadis

Thanks for your answer, I would like to redirect incoming web traffic on azure public IP address and redirect the traffic to Virtual machines behind firewall.

Answer 2

Deleted

This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Comments have been turned off. Learn more

Answer 3

Taha Yaseen 1

Can you use any service in azure to redirect traffic coming on these IP addresses to Virtual machines running on private networks?

I am happy to proceed with any recommendations you might have.

Thanks

Answer 4

Taha Yaseen 1

@ChaitanyaNaykodi-MSFT

@Konstantinos Passadis

0000

Answer 5

Hello @Taha Yaseen

Yes the Solution is :

Create a VPN with Azure from the On Premises Firewall , type Site to Site VPN

https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal

Provision a Load Balancer in Azure , type Public

https://learn.microsoft.com/en-us/azure/load-balancer/quickstart-load-balancer-standard-public-portal

Create a backend pool and add the virtual machine IP Addresses that you want to receive the incoming web traffic.

User's image

Create load balancing rules to define how the traffic should be routed to the VMs. Set the front-end port (e.g., port 80 for HTTP) and back-end port (the port on which your web server is listening).

OR

Create NAT Rules to redirect traffic to your VMs , it depends on the use , i can see you want Web Traffic so Load Balancing is the better option

Allow traffic from the Load Balancer to your VMs and to the Firewall , in case you pass the traffic to a Firewall first

notes : You must create Load Balancing rules on your Firewall so traffic is delivered equally if you dont have already one ....another solutions is Round Robin DNS...

Azure VPN will have the routing table in place so the n Premises IPs will be known . The Load Balancer will just send requests to a Private IP Pool ( 192.168.1.2, 1.3 , 1.4) so the VPN Gateway will send in turn the traffic to the On Premises Endpoint/Firewall.

Thats it in a High Level

We will offer any additional help , once you start ! So give it a go , with just one VM to see the drill!

I hope this helps!

0000A

Kindly mark the answer as Accepted and Upvote in case it helped!

Regards

Share via

Use Azure Public IP With On Prem VM

5 answers

Your answer