The solution ended up being to use another host as a DNS server that redirected the IP called by a host connected to the VPN to the private endpoint.
Azure SQL Access Through VPN
I want to configure my Azure SQL Server to only be accessible through the VPN Gateway. Is this possible? I've read through much documentation to affirm this and I cannot find a direct solution.
2 additional answers
RaviVarmanMSFT 626 Reputation points Microsoft Employee
2021-05-28T14:50:37.743+00:00
You want to restrict Azure SQL server access only via the VPN gateway, i.e. traffic from on-prem reaches the SQL server via the private network, not via the public network.
You can achieve it via Site-to-Site or Point-to-Site connectivity.
Site-to-Site connectivity between on-prem and Azure needs to be in place:
https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal
Or
Point-to-Site connectivity between on-prem and Azure needs to be in place:
https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-rm-ps
Create a private endpoint for your SQL server to enable private connectivity:
https://learn.microsoft.com/en-us/azure/private-link/tutorial-private-endpoint-sql-portal
For Site-to-Site connectivity, for on-premises workloads to resolve the FQDN of a private endpoint, use a DNS forwarder to resolve the Azure service public DNS zone in Azure:
https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns#on-premises-workloads-using-a-dns-forwarder
Or
For Point-to-Site connectivity, have a hosts entry on the client machine for the FQDN of SQL (e.g. SQLservername.privatelink.database.windows.net) pointing to the private endpoint IP.
Deny public network access under Firewalls and virtual networks of the SQL server:
https://learn.microsoft.com/en-gb/azure/azure-sql/database/connectivity-settings#deny-public-network-access
Once the setup is in place, from on-prem (S2S) / the client machine (P2S) you should be able to access the Azure SQL server via the VPN gateway.
Hope this was helpful. Please let us know in case of any additional questions or concerns.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Hector Robles 96 Reputation points
2021-06-02T18:03:56.567+00:00
I set up a P2S config with the VPN, and the private link works in SSMS when I'm connected to the VPN. But when I'm NOT connected to the VPN and use the private link, I can STILL connect to the SQL server through SSMS. I do not want to be able to connect to the SQL server through SSMS if I'm NOT on the VPN. It prompts me to add a VPN rule to allow my machine's IP. I do not want to be able to connect at all without being connected to the VPN.