azure
We have a Site-to-Site from our On-premise to the Azure Cloud. I added a public IP to a VM. I am able to SSH into the VM using the private IP. I want to access the public IP over the VPN & internet. I dont know what I am missing here. Please can someone help ? If I add a rule to allow Any to Any, I can access the Public IP from my network but dont want to configure it like that.
Thank you in Advance
I resolved my issue by removing NAT Policy for outbound traffic LAN to VPN.
In Azure, there are three ways to block network traffic, so we should check them:
OS firewall, we should check windows firewall settings, make sure those ports have add in the inbound rules.
NSG/endpoints. If you VM in ARM module, we should add those ports to VM's NSG inbound rules. If you VM in ASM module, we should add those ports to VM's endpoints settings.
About how to add ports to NSG, please refer to this link.
About how to add ports to endpoints, please refer to this link.
Vnet's subnets' security group. we can check in azure new portal.
Please check those settings.
Best Answer
Unless you use Azure ExpressRoute, you can only access an Azure Public IPs over the Internet, your traffic will not traverse the VPN to reach the Public IP, it will leave your location as per any other Internet bound traffic.
As you have successfully reached the VM via the VPN, we can assume that SSH and your access itself is working fine.
Therefore you should review the Network Security Group attached either to the NIC itself or attached to the Subnet in which the VM resides to ensure it allows TCP/22 (SSH) with a source IP set to be your external IP address of your location (use something like: http://whatismyip.akamai.com/ to find out) and the destination either set to the private IP address of the VM (not the public IP) or an Application Security Group of which the VM is a member.