This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 34%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
I'm attempting to connect my App Service application to my VNet such that it is not publicly accessible (no public endpoint) and only traffic from the VNet can access the endpoint. Users should be able to connect to the VNet via P2S or S2S VPN, navigate to the FQDN for the App Service app, and use the application. I've tried a variety of configurations so far without any luck:
I suspect, its DNS related, what do you get when you run a nslooup at the URL of your app service? do you get a public or do you get the proper private IP.
I needed to add a private DNS resolver to expose the private endpoint FQDNs via the Azure DNS servers. After I added this and configured it properly with an inbound link, I was able to resolve the FQDNs to their private IPs while connected over VPN, and their public IPs when disconnected from VPN.
Thanks for sharing!
You can't approve your own Answer, but I have created another answer, to approve and close this post.
Sean had issues with DNS lookup for P2S solution, he implemented DNS Resolver linked to the VNET and relevant DNS zones and he was able to resolve the App Service.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 36%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGS%3C/text%3E%3C/svg%3E)
Hi Sean K
I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others ", I'll repost your solution in case you'd like to "Accept " the answer.
Issue: App Service Private access over VNet via VPN
Solution: I needed to add a private DNS resolver to expose the private endpoint FQDNs via the Azure DNS servers. After I added this and configured it properly with an inbound link, I was able to resolve the FQDNs to their private IPs while connected over VPN, and their public IPs when disconnected from VPN.
If you have any other questions or are still running into more issues, please let me know. Thank you again for your time and patience throughout this issue.
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.