Access Web Apps Through P2S VPN

Akeem Soungie 0 Reputation points
2023-09-22T14:56:46.8766667+00:00

I'm trying to access my REST API web app that I've published only through the VPN I've set up. I've searched around here for similar questions, but haven't been able to find a solution.

As of now I have:

  • VPN setup with 10.0.0.0/16 address space with a 10.0.0.0/24 subnet space.
  • VPN Gateway with a 10.1.0.0/24 address pool that uses a self-signed certificate to authenticate (I am able to successfully connect to this and it serves me a 10.1.0.2 IP address).
  • My REST API web app
  • Access restriction on
  • Private endpoint on (using the 10.0.0.0/24 subnet, which gives it an inbound address of "10.0.0.7")
  • This endpoint uses private zones which I've added a CNAME record from "my-api" to 10.0.0.7 (as suggested in a similar question thread)

I'm not very proficient with networking so I may be missing 1 small step or have something set wrong. Any help will be greatly appreciated. Thanks.


1 answer

  1. ChaitanyaNaykodi-MSFT 25,691 Reputation points Microsoft Employee
    2023-09-23T02:10:59.7933333+00:00

    @Akeem Soungie

    Thank you for reaching out. I understand you are unable to connect to a REST API Web App from your on-prem devices. The VPN connection is successful, and you have set up a private endpoint for your web app with private DNS zones.

    Based on the points above, I think you need to set up VNet integration for the web app for outbound connectivity, as documented here: a private endpoint is only used for incoming traffic to your app. Outgoing traffic won't use this private endpoint. You can inject outgoing traffic into your network in a different subnet through the virtual network integration feature.

    Apart from this, you can also check if there is any DNS resolution issue for the web app. A quick way to isolate this issue is to create a VM in the virtual network of the web app and try to resolve the API; the web app's name should successfully resolve using the private DNS zone. For on-prem devices I think you will have to implement an Azure Private DNS Resolver in your set-up. Azure DNS Private Resolver is a new service that enables you to query Azure DNS private zones from an on-premises environment and vice versa without deploying VM-based DNS servers.
    You can take a look at this guideline to help with DNS resolution. You can also take a look at this Architecture to understand how private DNS resolver works.

    Additionally, you can also take a look at this tutorial which implements a similar scenario as yours using Azure private DNS resolver.

    Hope this helps! Please let me know if you have any additional questions. Thank you!


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
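A small check for the DNS-resolution step described in the answer, added here as an example and not taken from the poster's setup or from Microsoft's documentation. Run from the VPN-connected client, it resolves the web app's private-zone name and reports whether the answer is the private endpoint address (10.0.0.7 in the 10.0.0.0/24 subnet from the question) or a public address, which means the private zone is not being consulted and the request will reach the public front end and be rejected by the access restriction. The hostname is a placeholder.

```python
import ipaddress
import socket

# Values taken from the thread: the private endpoint lives in the
# 10.0.0.0/24 subnet and was assigned 10.0.0.7.
PRIVATE_SUBNET = ipaddress.ip_network("10.0.0.0/24")
EXPECTED_PE_IP = ipaddress.ip_address("10.0.0.7")
# Placeholder (assumption): the app's name in the private DNS zone.
API_HOST = "my-api.example.invalid"


def classify(addresses, subnet=PRIVATE_SUBNET, expected=EXPECTED_PE_IP):
    """Classify a list of resolved IPv4 strings for the web app name.

    'private'       every answer is the private endpoint address (good)
    'public'        only addresses outside the VNet subnet: the client is not
                    using the private zone, so traffic hits the public front
                    end and is blocked by the access restriction
    'mixed'         both private and public answers (stale/overlapping zones)
    'wrong-private' inside the subnet but not the endpoint's address
    'none'          no answer at all (zone not linked, or resolver unreachable)
    """
    if not addresses:
        return "none", "no answer; check zone link and resolver path"
    ips = [ipaddress.ip_address(a) for a in addresses]
    inside = [ip for ip in ips if ip in subnet]
    outside = [ip for ip in ips if ip not in subnet]
    if outside and not inside:
        return "public", f"resolved to {outside}; expected {expected}"
    if outside:
        return "mixed", f"private {inside} and public {outside}"
    if any(ip != expected for ip in inside):
        return "wrong-private", f"resolved to {inside}; expected {expected}"
    return "private", f"resolved to {expected}"


def resolve(host):
    """Ask the client's configured resolver for the host's IPv4 addresses."""
    try:
        infos = socket.getaddrinfo(host, 443, socket.AF_INET)
        return sorted({info[4][0] for info in infos})
    except socket.gaierror:
        return []


if __name__ == "__main__":
    verdict, detail = classify(resolve(API_HOST))
    print(f"{API_HOST}: {verdict} ({detail})")
```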

