Communicate between App Services having VNet routing

Bouke Haarsma
2023-09-28T14:40:43.0866667+00:00

I have two App Services (A & B) that live in separate subscriptions (1 & 2) as they should be logically separated. Both these App Services have separate VNet integrations to communicate with their private resources.

App Service A is a publicly accessible website.

App Service B communicates with App Service X through this VNet integration. App Service X must not be exposed to the public. So on App Service B the VNet routing table includes "Microsoft.Web", which means that traffic to App Services uses the VNet routing.

App Service B also needs to communicate with App Service A. As these App Services are logically separated, they must not have their VNets integrated. The communication between B and A should happen over the public endpoint.

The problem I'm having is that with "Microsoft.Web" in the routing table, App Service B cannot communicate with App Service A. The log table AppServiceIPSecAuditLogs has the following error:

Traffic was received via service tunneling but no private link identifier was provided.

When I turn off "Microsoft.Web" in the routing table, B cannot communicate with App Service X.

How can I set up the networking configuration to achieve the separation that I want?
