Website not loading while connected to P2S VPN

Abhinand MS 20 Reputation points
2025-09-12T06:13:07.7966667+00:00

Website not loading while connected to P2S VPN; only our public is not loading

Azure VPN Gateway

An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.


Answer accepted by question author

Anonymous
2025-09-12T10:00:23.3166667+00:00

Hello @Abhinand MS,

Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

I understand your question about the public website not loading when connected to the Point-to-Site (P2S) VPN. This could be caused by forced tunneling behavior or platform limitations in the Azure VPN Gateway setup.

With forced tunneling enabled, outbound traffic including traffic destined for the Internet is directed through your on-premises VPN gateway rather than Azure’s Internet interface. If your on-premises gateway restricts Internet access, public websites, including your own, might be inaccessible or incorrectly routed.

Azure’s standard VPN Gateway does not allow Internet egress when P2S forced tunneling is enabled.

Any traffic destined for the Internet is dropped by the gateway and Azure Firewall does not apply SNAT (Source Network Address Translation) to this traffic. Adding a 0.0.0.0/0 route to provide full Internet access via the VPN is not supported in this setup.

Standard Troubleshooting Procedures:

1. Make sure your VPN client is set up properly and that all necessary certificates are installed.
2. If you're using forced tunneling, check that your on-premises gateway permits outbound Internet access. If suitable, try enabling split tunneling so that public traffic goes around the VPN.

Kindly let us know if the above helps or you need further assistance on this issue.

Please do not forget to "Accept the answer" and "up-vote it" wherever the information provided helps you; this can be beneficial to other community members. It would be greatly appreciated and helpful to others.


1 additional answer

  1. Michele Ariis 7,215 Reputation points MVP Volunteer Moderator
    2025-09-12T06:16:45.0066667+00:00

    Hi, likely split-tunnel/DNS hairpin, not “the site is down”: when you connect P2S your client either (a) resolves your domain to a private IP via a Private DNS zone/PE, or (b) sends traffic for the site’s public IP through the VPN (forced tunneling/0.0.0.0/0) and your NVA/WAF blocks or can’t hairpin/NAT it. Quick checks on the client while VPN is ON: nslookup yourdomain.tld → if PRIVATE IP, fix DNS scope (unlink that private zone from the P2S VNet or add a conditional forwarder so VPN clients use public DNS for that FQDN); if PUBLIC IP, run tracert <public_ip> → if first hop is the VPN, you’re force-tunneling: either switch P2S to split-tunnel (advertise only private prefixes, no 0/0), or keep forced-tunnel but allow/SNAT that egress on your firewall, or add a route exclusion for the site’s public IP on the client (temporary: route add <public_ip> mask 255.255.255.255 <LAN_gateway> metric 5). Also check App Service/Front Door/WAF access restrictions that might block the VPN egress IP.


    1 person found this answer helpful.
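
The nslookup/tracert decision path from the answer above, as an added example that is not part of the original thread: it takes the address the site's name resolved to and the client's `route print -4` table, and reports whether the symptom points at private DNS, forced tunneling, or neither. The adapter addresses, the sample route table, the site IP 203.0.113.10 and all function names are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed `route print -4` excerpt taken with the VPN connected.
# Assumed adapters: LAN 192.168.1.50, P2S VPN 172.16.201.2.
SAMPLE_ROUTES = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.50     25
          0.0.0.0          0.0.0.0          On-link     172.16.201.2      1
         10.1.0.0      255.255.0.0          On-link     172.16.201.2      1
"""
VPN_IP = "172.16.201.2"
# Row that the temporary /32 `route add ... metric 5` exclusion would create.
EXCLUSION = "203.0.113.10  255.255.255.255  192.168.1.1  192.168.1.50  5\n"

def parse_routes(text):
    """Return (network, interface_ip, metric) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5:
            continue  # header, blank or wrapped line
        try:
            net = ipaddress.ip_network(f"{cols[0]}/{cols[1]}", strict=False)
            routes.append((net, cols[3], int(cols[4])))
        except ValueError:
            continue  # not a route row
    return routes

def egress_interface(ip, routes):
    """Longest prefix wins; ties go to the lowest metric."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[2]))[1]

def triage(resolved_ip, routes, vpn_ip):
    """Map the two client-side checks to a likely cause."""
    addr = ipaddress.ip_address(resolved_ip)
    if any(addr in net for net in RFC1918):
        return "private-dns"    # name resolves inside the VNet: fix DNS scope
    if egress_interface(resolved_ip, routes) == vpn_ip:
        return "forced-tunnel"  # public IP is routed into the VPN
    return "bypasses-vpn"       # routing is fine: check access restrictions

if __name__ == "__main__":
    print(triage("203.0.113.10", parse_routes(SAMPLE_ROUTES), VPN_IP))
```

With `EXCLUSION` appended to the table, the same call returns `bypasses-vpn`, because the /32 row is more specific than either default route.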
