Azure Bastion over Site to Site VPN

Chris Yeo 1 Reputation point


In this link from September last year, it says that there is an IP version of bastion coming to deal with the being able to get back to your main site.

Has this been implemented yet? I can't find info related to it, and I can't comment on the link included.



Azure Bastion
Azure Bastion
An Azure service that provides private and fully managed Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to virtual machines.
235 questions
{count} votes

3 answers

Sort by: Most helpful
  1. ChaitanyaNaykodi-MSFT 20,606 Reputation points Microsoft Employee

    Hello @Chris Yeo ,

    Welcome to the Microsoft Q&A forum.

    Yes, Azure Bastion IP based connection went GA on May 31st, 2022, here is the announcement. IP-based connection lets you connect to your on-premises, non-Azure, and Azure virtual machines via Azure Bastion over ExpressRoute or a VPN site-to-site connection using a specified private IP address. You can follow this documentation for implementation.

    Hope this helps! Please let me know if you have any additional questions. Thank you!

    0 comments No comments

  2. Luke Murray 10,276 Reputation points MVP

    You can connect from Azure Bastion (has to be Standard SKU directly) using the IP.

    See this Tech Community article, recently released to give you a good start:

    Please "Accept as Answer" and Upvote if the answer provided is useful, so that you can help others in the community looking for remediation for similar issues.

    0 comments No comments

  3. Chris Yeo 1 Reputation point

    HI @Luke Murray !

    I was able to get it working, but then to take it a step further, I wanted to use the RDP client from the endpoint.

    This is capable to do it, but it looks like only for Azure based computers, not on prem at your office.

    So it's not exactly how I hoping it would work.

    The other thing to keep in mind is that you have to use UPN for user/pass if you are having connection issues.

    My intention for this was to us it instead of our on prem RDP Gateway for our end users. I don't think that use case works appropriately.

    I also tried this with the az tools installed locally.