Azure Bastion over Site to Site VPN

Question

Hi,

In this link from September last year, it says that there is an IP version of bastion coming to deal with the being able to get back to your main site.

https://learn.microsoft.com/en-us/answers/questions/570744/azure-bastion-over-s2s-vpn.html

Has this been implemented yet? I can't find info related to it, and I can't comment on the link included.

Thanks!

Chris

Answer 1

Hello @Chris Yeo ,

Welcome to the Microsoft Q&A forum.

Yes, Azure Bastion IP based connection went GA on May 31st, 2022, here is the announcement. IP-based connection lets you connect to your on-premises, non-Azure, and Azure virtual machines via Azure Bastion over ExpressRoute or a VPN site-to-site connection using a specified private IP address. You can follow this documentation for implementation.

Hope this helps! Please let me know if you have any additional questions. Thank you!

Answer 2

You can connect from Azure Bastion (has to be Standard SKU directly) using the IP.

See this Tech Community article, recently released to give you a good start:

• https://techcommunity.microsoft.com/t5/itops-talk-blog/connect-to-your-on-prem-server-from-anywhere/ba-p/3565194?WT.mc_id=AZ-MVP-5004796

Please "Accept as Answer" and Upvote if the answer provided is useful, so that you can help others in the community looking for remediation for similar issues.

Answer 3

HI @Luke Murray !

I was able to get it working, but then to take it a step further, I wanted to use the RDP client from the endpoint.

This is capable to do it, but it looks like only for Azure based computers, not on prem at your office.

So it's not exactly how I hoping it would work.

The other thing to keep in mind is that you have to use UPN for user/pass if you are having connection issues.

My intention for this was to us it instead of our on prem RDP Gateway for our end users. I don't think that use case works appropriately.

I also tried this with the az tools installed locally.