Configure app service to connect to VNet in different region over a peer?

Archer252 21 Reputation points
2021-03-02T09:43:32.947+00:00

Hi

I have a test environment with two peered VNets in different (paired) regions, South and West, and I also have an Azure web app which is integrated to the VNet in South - as it's a standard Regional integration, this only allows access to resources in South.

What I need is for the webapp to access resources in both VNets. I guess this means I need 'gateway-required VNet integration', but the documentation I've seen on this only seems to reference integrating the webapp to a VNet in a different region, which is not what I want to do. I still want it integrated to South but with the ability to access West. Can anyone help with how this should be set up?

I know this is possible because in our live environment we have a webapp in South integrated to a VNet in South which can successfully ping our VMs in West. The only difference I can see there is that the live South VNet has a Virtual Network Gateway on it, although it's not used to connect to West at all; it's just used for us to connect to our on-prem offices. Does the VNG just need to exist on the VNet and that's enough?

Thanks


1 answer

  1. suvasara-MSFT 10,011 Reputation points
    2021-03-02T11:00:56.767+00:00

    @IanCarter-8179, You can’t reach resources across global peering connections. When you configure the VNet integration, your web app will get a private IP from the VNet. App Service will be able to communicate with a VM in the VNet or another VNet peered in the same region. Only the web app can initiate communication to a VM; a VM cannot initiate communication using VNet integration.

    Here,

    1. If you use peering with the regional VNet Integration, you don't need to do any additional configuration.
    2. If you use gateway-required VNet Integration with peering, you need to configure a few additional items. To configure peering to work with your app, see the doc below.

    Ref: https://learn.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet#peering
