Access an external MySQL database through VPN Public IP

Federico Busso 1 Reputation point
2022-02-08T05:01:26.823+00:00

Hello!

We have an external Database resource that requires us to provide one (or more) public IPs for whitelisting whilst they provide us with an IP to access the database (plus login data).

For this, our thought was to create a Virtual Network with a VPN Gateway to allow us to provide a single Public IP address which should allow everyone connected to the VPN (with internal private addresses) to access this resource. Upon further reading, I don't think this will work the way we want it to since the VPN Gateway will only allow us to access resources inside of the virtual network.

A workaround for this would be to assign a public IP to a VM, and access that resource from there. But is there any method for us to both provide our client with the correct public IP and allow us to access this resource through an internal VPN?

Thanks in advance.

Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.

2 answers

  1. Vidya Narasimhan 2,126 Reputation points Microsoft Employee
    2022-02-08T14:45:47.87+00:00

    @Federico Busso A recommended option is to use NAT Gateway: https://learn.microsoft.com/en-us/azure/virtual-network/nat-gateway/nat-gateway-resource
    The other option is to use a load balancer with outbound rules. All options are described here: https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-outbound-connections


  2. SaiKishor-MSFT 17,336 Reputation points
    2022-02-08T22:14:28.2+00:00

    @Federico Busso Thank you for reaching out to Microsoft Q&A. If I understand you correctly, below is your requirement:

    [Image: 172373-2022-02-08-14-04-42-untitled-paint.png]

    That is, you want both internal and external access to this DB from the Azure Cloud; please correct me otherwise. If you set up an S2S VPN to your Datacenter (DC) where the DB is located, you can access the same using its Private IP and vice versa, i.e., the DC or on-premises can also access the VMs using their Private IPs via the S2S VPN. At the same time, when the VM tries to access the DB using its Public IP, the traffic can be routed through the internet directly. This is if the routing is set up appropriately on both sides, i.e., it is not routing all traffic through the VPN.

    At the same time, you need to make sure DNS is set up as needed to be able to resolve the IPs correctly to the Public/Private IPs respectively. Please refer to this document for setting up DNS.

    Hope this helps. Please let us know if you have any further questions and we will be glad to assist you further. Thank you!

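The routing condition in the answer above decides which source address the database owner must allowlist. The sketch below is an added example, not code from this thread or from Microsoft: it applies Azure's route selection order (longest prefix first, then user-defined over BGP over system routes) to two constructed route tables. All addresses are constructed documentation values, and it assumes a NAT gateway on the VM subnet and an on-premises edge that SNATs forced-tunnel traffic to its own public IP.

```python
import ipaddress

# Tie-break for equal prefix lengths: user-defined, then BGP, then system routes.
SOURCE_RANK = {"User": 0, "VirtualNetworkGateway": 1, "Default": 2}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def effective_route(routes, dest_ip):
    """Pick the winning (prefix, next_hop, source) route for dest_ip."""
    dest = ipaddress.ip_address(dest_ip)
    hits = [(ipaddress.ip_network(p), hop, src) for p, hop, src in routes
            if dest in ipaddress.ip_network(p)]
    if not hits:
        return None
    return min(hits, key=lambda r: (-r[0].prefixlen, SOURCE_RANK[r[2]]))

def source_seen_by_db(routes, dest_ip, vm_ip, nat_ip, onprem_ip):
    """Return (path, source address the database firewall will see)."""
    route = effective_route(routes, dest_ip)
    if route is None or route[1] == "None":
        return ("dropped", None)
    hop = route[1]
    if hop == "Internet":
        return ("internet", nat_ip)   # assumed: subnet NAT gateway SNATs the flow
    if hop == "VirtualNetworkGateway":
        private = any(ipaddress.ip_address(dest_ip) in n for n in RFC1918)
        # Private target: no SNAT. Public target: assumed to leave via on-prem edge.
        return ("vpn", vm_ip if private else onprem_ip)
    return ("vnet", vm_ip)

# Constructed sample values (documentation address ranges, not real hosts).
VM_IP, NAT_IP, ONPREM_IP = "10.1.0.4", "198.51.100.7", "192.0.2.44"
DB_PUBLIC, DB_PRIVATE = "203.0.113.10", "10.50.0.10"
SPLIT = [  # split tunnel: only the on-premises range goes through the S2S VPN
    ("10.1.0.0/16", "VnetLocal", "Default"),
    ("0.0.0.0/0", "Internet", "Default"),
    ("10.50.0.0/16", "VirtualNetworkGateway", "VirtualNetworkGateway"),
]
# Forced tunnel: a user-defined default route overrides the system Internet route.
FORCED = SPLIT + [("0.0.0.0/0", "VirtualNetworkGateway", "User")]

if __name__ == "__main__":
    for name, table in (("split", SPLIT), ("forced", FORCED)):
        for dest in (DB_PUBLIC, DB_PRIVATE):
            print(name, dest, source_seen_by_db(table, dest, VM_IP, NAT_IP, ONPREM_IP))
```

With the forced-tunnel table, the NAT gateway address never reaches the database, so an allowlist entry for it would not match the traffic.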
