Azure site to site VPN

  • Question

  • We have a customer using Azure Site to Site VPN. They wanted to know if there are specific IPs for their cloud vault to configure their local device to connect to.

    If their cloud server is configured with the VPN? Or is the answer as simple as telling them their own IP Ranges they provided to us for the Azure.
    10:48 PM
    Note: cloud vault is our own application we hosted in Azure cloud service.

    Senthil Kumar.V

    Friday, December 29, 2017 9:36 PM

All replies

  • Hi Senthil, 

    If I understand correctly, are you asking if your customers need to allow specific rules to connect to the cloud applications (cloud vault)? Or is it something else?
    This documentation is specific to Site-to-site connection: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal. If your client is using VPN to be still in the same existing network, they won't have to add anything. Let me know if this is what specifically you were asking about.

    Adam

    Friday, December 29, 2017 10:14 PM
  • Hi,

    The cloud vault application is hosted in our Azure network and our customer is using site to site VPN, if they need to access our Azure cloud service where the cloud vault is hosted.

    Do they need to add any IP address range in site to site VPN or ???


    Senthil Kumar.V



    • Edited by visenthil Friday, December 29, 2017 10:26 PM
    Friday, December 29, 2017 10:24 PM
  • Ah I see, no need for them to add any IPs. Site to site will only allow them to expand their current network to access the second site via a private connection (Azure Cloud), so nothing that would impact accessing the cloud application, unless they change their firewall settings. I hope this answers your question.

    Adam


    Friday, December 29, 2017 10:34 PM
  • We have a customer using Azure Site to Site VPN. They wanted to know if there are specific IPs for their cloud vault to configure their local device to connect to. I know in general we only have the Azure published IP address range https://www.microsoft.com/en-us/download/details.aspx?id=41653 which changes arbitrarily.

     

    Is this true also if their cloud server is configured with the VPN? Or is the answer as simple as telling them their own IP Ranges they provided to us for the Azure network?

     

    Senthil Kumar.V

    Friday, December 29, 2017 10:42 PM
  • The first one would still be valid (Microsoft Azure Datacenter IP Ranges); they need to make sure these are accessible. Can you give me more context? 1 - Are your clients accessing your app (cloud vault) via a server hosted in the cloud? Or is that the future option? 2 - Are they currently connecting from their local network into the cloud vault? 3 - Is your concern: client is trying to connect to a server via site to site VPN, then from there connect to cloud vault?

    Site-to-Site VPN gateway connection is used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. If you currently have to add IPs/subnets to allow access to your cloud vault, yes, you will need to add their IP ranges; if you currently don't, you don't need to add anything. It depends on how the access policies on your app are set up, etc.

    Friday, December 29, 2017 11:04 PM
  • Yes, they are accessing our app (cloud vault) via a server hosted in the cloud.

    Senthil Kumar.V

    Friday, December 29, 2017 11:08 PM
  • I see, they might have to configure outgoing rules on the cloud server containing UDP or TCP ports that your application requires, this is of course if they configure a firewall and restrict all connections to the server, otherwise they'll be good to go. 
    Friday, December 29, 2017 11:36 PM
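
The replies above turn on whether the application already restricts access by IP or subnet, in which case the customer's ranges must be added to it. The following is an added example, not code from the thread or from Microsoft: it compares the address ranges a customer provided against an application allow list and reports what is still uncovered. All ranges are constructed sample values and the function names are hypothetical.

```python
import ipaddress


def uncovered_ranges(customer_ranges, allowlist):
    """Return the parts of customer_ranges that no allowlist entry covers."""
    allowed = [ipaddress.ip_network(a) for a in allowlist]
    remaining = [ipaddress.ip_network(c) for c in customer_ranges]
    for allow in allowed:
        still_open = []
        for net in remaining:
            if net.version != allow.version or not net.overlaps(allow):
                still_open.append(net)        # this entry does not touch net
            elif net.subnet_of(allow):
                continue                      # net is fully covered
            else:
                # CIDR blocks either nest or are disjoint, so here the
                # allow entry sits inside net: keep only the leftover parts.
                still_open.extend(net.address_exclude(allow))
        remaining = still_open
    result = []
    for version in (4, 6):                    # collapse per address family
        same = [n for n in remaining if n.version == version]
        result.extend(str(n) for n in ipaddress.collapse_addresses(same))
    return result


def source_allowed(source_ip, allowlist):
    """True if source_ip falls inside any allowlist entry."""
    addr = ipaddress.ip_address(source_ip)
    return any(
        addr in ipaddress.ip_network(a)
        for a in allowlist
        if ipaddress.ip_network(a).version == addr.version
    )


# Constructed sample data: ranges the customer says sit behind their tunnel,
# and the allow list currently configured on the application.
CUSTOMER_RANGES = ["10.10.0.0/16", "192.168.50.0/24"]
APP_ALLOWLIST = ["10.10.0.0/17", "192.168.0.0/16"]

if __name__ == "__main__":
    print("Not yet allowed:", uncovered_ranges(CUSTOMER_RANGES, APP_ALLOWLIST))
    print("10.10.200.5 allowed:", source_allowed("10.10.200.5", APP_ALLOWLIST))
```

An empty result means every customer range is already admitted by the application's policy; anything listed is traffic that would arrive over the tunnel and be rejected.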