Use Azure Public IP With On Prem VM

Taha Yaseen 1 Reputation point

A Customer has an on prem Firewall that connects to an Azure Virtual Network that allows us to have an On Prem/Azure hybrid. My query is, if I was to provision a public IP address in Azure, what would be the best way to route it to one of our on prem VMs through the site to site connection? I have had a look around and haven't seen any similar scenarios.

This would help me in a few ways

  • We have run out of public IPs locally and they are rather expensive from our provider
  • It would make it easier for developers to expose stuff to the outside world for a lab environment

5 answers

  1. Konstantinos Passadis 16,481 Reputation points

    Hello @Taha Yaseen

    I think I understand your issue.

    The service you are looking for is either

    Azure NAT Gateway for Outbound Traffic


    Azure Traffic Manager

    Probably the second one fits your case, if I understand correctly!

    I hope this helps!

    Kindly mark the answer as Accepted and Upvote in case it helped!


  2. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.


  3. Taha Yaseen 1 Reputation point

    Can you use any service in Azure to redirect traffic coming in on these IP addresses to virtual machines running on private networks?

    I am happy to proceed with any recommendations you might have.



  4. Taha Yaseen 1 Reputation point

  5. Konstantinos Passadis 16,481 Reputation points

    Hello @Taha Yaseen

    Yes, the solution is:

    Create a VPN with Azure from the On Premises Firewall, type Site to Site VPN.

    Provision a Load Balancer in Azure, type Public.

    Create a backend pool and add the virtual machine IP addresses that you want to receive the incoming web traffic.


    Create load balancing rules to define how the traffic should be routed to the VMs. Set the front-end port (e.g., port 80 for HTTP) and back-end port (the port on which your web server is listening).


    Create NAT Rules to redirect traffic to your VMs; it depends on the use. I can see you want Web Traffic, so Load Balancing is the better option.

    Allow traffic from the Load Balancer to your VMs and to the Firewall, in case you pass the traffic to a Firewall first.

    Notes: You must create Load Balancing rules on your Firewall so traffic is delivered equally, if you don't already have one. Another solution is Round Robin DNS.

    Azure VPN will have the routing table in place so the On Premises IPs will be known. The Load Balancer will just send requests to a Private IP Pool (, 1.3 , 1.4) so the VPN Gateway will in turn send the traffic to the On Premises Endpoint/Firewall.

    That's it at a high level.

    We will offer any additional help once you start! So give it a go with just one VM to see the drill!

    I hope this helps!


    Kindly mark the answer as Accepted and Upvote in case it helped!

