I need to access some local network resources from a webapi running as an appservice.
For reasons, our local network gateway (Cisco ASA something) requires what in classic vnet lingo was called static routing and in the new RM lingo is called policy based routing. I don't have the option of using hybrid connection.
Unfortunately Azure's point-to-site VPN for connecting AppServices to VNETs requires route based routing.
So I ended up with the setup shown below.
From a VM in vnets 1 and 3 I can access resources in the local network. From a VM in vnet 2 I can access resources in vnets 1 and 3, but not the local network. From the webapi (AppService) I can access resources in vnet2, but nothing in vnet1, 3 or the local network.
I'm unable to turn on "allow gateway transition" since that requires the peer vnet not to have an existing gateway and it was also not allowed on static/policy based gateways.
What I want is either to allow the AppService direct access to the local network, or access via a proxy installed in a vnet. Any ideas?
I can make the jump by having the API (AppService) call an api acting as a proxy running on a VM in vnet 2, which calls an api acting as a proxy running in vnet 1 (or 3), which calls the resource in the local network. But there's got to be a better way.