Azure VMs with different Virtual Networks can communicate with each other without peering

Question

Hello,

VM1 Private IP address = 10.2.1.4.
Virtual network/subnet: MarketingVNet/Apps.

MarketingVNet Address space: 10.2.0.0/16
Subnet Apps Address space: 10.2.1.0/24

VM2 Private IP address = 10.1.1.4
Virtual network/subnet: SalesVNet/Apps.

SalesVNet Address space: 10.1.0.0/16
Subnet Apps Address space: 10.1.1.0/24

Problem: Even both VMs are in different Virtual networks they both can SSH to each other without peering. I am checking connectivity from Cloud Shell.

Do anyone know why?

Exercise from:
https://learn.microsoft.com/en-us/learn/modules/integrate-vnets-with-vnet-peering/3-exercise-prepare-vnets-for-peering-using-azure-cli-commands

Answer 1

Hello @Anonymous ,
Thanks for posting your query on Microsoft QnA.
From this learn module, you are creating two different VMs - SalesVM and MarketingVM and both VMs get a public IP assigned and by default a NSG rule allowing SSH connections to port 22 from "Any" Source gets created. This is the reason why you are able to ssh between both these VMs using the public IP because Any public IP can reach your VM, unless you filter it accordingly.
If you try to SSH between both these VMs using the public IP you will be successfully able to SSH, but if you try doing the same with private IP, you won't be able to SSH. That is when peering will help.
Please refer to the below image to see the default SSH rule that gets created when you create the VMs via cloud shell.

I hope this clears your understanding.

------------------------------------------

Please don't forget to "Accept as Answer" and "Upvote" and if you think my response was helpful.