
First off, I'm not really that much into networking stuff, so I might use wrong expressions and stuff.

My issue is that I need to connect a web app to an on-premise machine.

I've read the MS guides and have come a long way, but stumble at the finish line.

So far I have created a Virtual Network (172.20.0.0/16), here I've added a GatewaySubnet (172.20.1.0/24)

Then I've created a Virtual Gateway Network, where I've added a Local Virtual Network [OnPremise Site-2-Site] (192.168.0.0/24, 10.0.0.0/16, 172.16.0.0/24)

So with this setup, I can connect from my VM to the onpremise machine.

Now I want to add a Web App to the Virtual Network. So on the Gateway I've added a Point-2-Site Configuration (172.21.0.0/24) and added a root cert.

On the Web App under networking I've added it to the network and it connects. But it does seem like I can reach the OnPremise machine from the code on the web app.

One thing I don't really get is, I've added the root cert on the Point-2-Site, but I've not added the Client to the web-app. Is that because it's on Azure, so I don't need it?

Or am I missing something else? If you need more info, please ask.

I've done this guide - and similar https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet

The setup I want is this https://docs.microsoft.com/en-us/azure/app-service/media/web-sites-integrate-with-vnet/vnetint-howitworks.png

  • Hey. Check routing. You may need to add addresses in "IP ADDRESSES ROUTED TO VNET" https://docs.microsoft.com/en-us/azure/app-service/media/web-sites-integrate-with-vnet/vnetint-aspmanagedetail.png. You clearly have all the requirements set up. – Bruno Faria Jun 12 '18 at 06:37
  • Hey. They seem to be correct. Could it be that the S2S and P2S aren't the same security protocol, or does that not matter? – MazeezaM Jun 13 '18 at 14:18
  • Don't think that matters. Found this - "Routing - As noted earlier the routes that are defined in your VNet are what is used for directing traffic into your VNet from your app. There are some uses though where customers want to send additional outbound traffic from an app into the VNet and for them this capability is provided. What happens to the traffic after that is up to how the customer configures their VNet." – Bruno Faria Jun 14 '18 at 06:16
  • I'm thinking that your VNET GW may be missing some configuration/static routing so that is not being captured automatically by the VNET Integration, hence why you had to add this manually. – Bruno Faria Jun 14 '18 at 06:19
  • The web app has the following settings https://ibb.co/gOKPpd - The address I'm trying to reach is 192.168.1.X - So I think it should redirect it to the VNET. And a VM in the VNET can reach the IP. Does the VNET know to redirect the address to the On-Premise network, or should I manually set it up to forward requests from the WebApp network? – MazeezaM Jun 14 '18 at 06:30
  • For your issue, you can get this sentence **Note that you don't need to create certificates for the Point to Site configuration. This is automatically configured when you connect your WebApp to the VNet.** in the link you posted: https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet and the paragraph link: https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet#enabling-point-to-site-in-a-resource-manager-vnet. – Charles Xu Jun 20 '18 at 07:12
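
The routing question in the comments comes down to which configured prefix, if any, contains the destination. The following is an added example, not part of the original thread: it takes the address spaces quoted in the question, checks them for overlap, and looks up the longest prefix covering the 192.168.1.X destination (treated here as 192.168.1.0/24). The function names and route labels are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Address spaces exactly as quoted in the question; the labels are assumed names.
ADDRESS_SPACES = {
    "vnet": ["172.20.0.0/16"],
    "p2s-pool": ["172.21.0.0/24"],
    "on-prem-s2s": ["192.168.0.0/24", "10.0.0.0/16", "172.16.0.0/24"],
}


def build_routes(spaces=ADDRESS_SPACES):
    """Flatten the label -> prefixes mapping into (network, label) pairs."""
    return [
        (ipaddress.ip_network(prefix), label)
        for label, prefixes in spaces.items()
        for prefix in prefixes
    ]


def covering_route(target, routes):
    """Return (network, label) of the longest prefix that fully contains
    the target network, or None when no configured prefix covers it."""
    target = ipaddress.ip_network(target, strict=False)
    matches = [
        (net, label)
        for net, label in routes
        if net.version == target.version and target.subnet_of(net)
    ]
    return max(matches, key=lambda m: m[0].prefixlen) if matches else None


def overlapping_spaces(routes):
    """List pairs of prefixes with different labels that overlap each other."""
    return [
        (str(a), str(b))
        for (a, la), (b, lb) in combinations(routes, 2)
        if la != lb and a.overlaps(b)
    ]


if __name__ == "__main__":
    routes = build_routes()
    print("overlaps:", overlapping_spaces(routes))
    # 192.168.1.0/24 stands in for every possible 192.168.1.X host.
    for dest in ("192.168.1.0/24", "192.168.0.0/24", "10.0.5.0/24"):
        print(dest, "->", covering_route(dest, routes))
```
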

0 Answers