![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 47%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAV%3C/text%3E%3C/svg%3E)
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 23%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVV%3C/text%3E%3C/svg%3E)
Hi @Annaladesi Venugopal (LTIMINDTREE LIMITED)
Welcome to Microsoft Q&A Platform.
As discussed on Teams, I understand that you are trying to access AI Foundry using MSFT_AZVPN and encountering a 403 error. This occurs because the AZVPN traffic is coming from a different IP, not from the virtual network or private endpoint.
Since the VPN uses dynamic IPs, adding a single public IP may work temporarily, but the issue can reoccur when the IP changes. The IP seen in the browser may not be the actual source IP reaching AI Foundry.
To identify the correct source IP, please check the Azure Diagnostics logs, where you can find the actual source IP of the incoming traffic.
Alternatively, you can:
- Add the full IP range in the AI Foundry firewall settings, or
- Reach out to the AZVPN team to obtain the complete VPN IP range and allowlist it accordingly.
Please
and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.