Questions tagged as ['azure-networking']

Questions related to Azure networking: Virtual Networks, Load Balancers, routes, gateways and VPN/ExpressRoute
Score: 0
John Doe
Can't add existing Virtual Network to Virtual network gateway in Azure

While creating the Virtual network gateway and selecting the vnet, it says the VNet is "in use".

VNET address space is 10.0.0.0/16

Any idea why I'm getting this error?

I created a new subnet and it has no devices connected to it.

The connected devices are not on GatewaySubnet.

Score: 0
Nodnarb3
Front Door Standard/Premium (Preview) - Unable to Add Wildcard Custom Domain with SSL Certificate

I've got an Azure Front Door (preview) Premium endpoint set up and I'm trying to add a custom wildcard domain (*.example.com) so that I can use the Rule Set to direct traffic between server environments set up as origin groups.

I am using Azure DNS, and Azure Key Vault to hold the secret.

The problem I'm facing is that when adding the *.example.com custom domain, it will not let me select the wildcard c ...

Score: 0
Is there such thing as session-wide VPN?

To the best of my knowledge, VPN software shows up in the system as virtual network adapters, which seems to be system-wide. I am trying to find a VPN-like solution for enabling connectivity to a remote network which would affect only the current user session, but my research shows nothing so far.

More about my case: there are multiple cloud VNets (on Azure) associated with projects. Developers, QA,  ...

Score: 0
A X
Azure SQL Private Endpoint - can creating one cause downtime?

Suppose I have an Azure SQL Database Elastic Pool and I am accessing it from an Azure Web App via Firewall rules and everything is working fine.

Now suppose I want to add a new Private Endpoint to the Azure SQL Database Elastic Pool. This would NOT block access via the existing Firewall rules / access outside of the newly created Private Endpoint - is that right?

In other words, adding a Private En ...

Score: 0
thebluephantom
Multiple AZURE Account tenants and a single on-site premises
  • If I am a company with my registered account on AZURE,
    • and I want 2 separate tenants (not subscriptions),
      • that both need to connect to my single on-prem services only - not to each other, then:
        1. do I need 2 site-2site VPNs?
        2. or can we share a single site2site VPN? (I suspect so but cannot find an authoritative source).
Score: 0
Is it possible to create IPsec VPN tunnel between 2 Azure subscriptions

I have 2 different azure subscriptions for which I want to create a VPN tunnel. The obvious choice would be to create a VNet-to-VNet tunnel but as I understand this would cost extra resources.

So I opted for an IPsec tunnel. I created the connection on both sides pointing to each other's public IP of the gateway but no connection has been established.

My question: is this technically possible or ha ...

Score: 0
bugmagnet
How do I restore internet connectivity in cloned Azure VM

We cloned a VM (with significant help from an MS tech). It now sits on 52.158.131.150 and is supposed to be the new home for HOPL. However, things aren't going so well.

We've pointed hopl.info to the new IP address, but when I tracert to the new address it goes nowhere. Pinging times out. Browsing times out.

When I run the Network Diagnostics from inside the VM I get the following dialog: [image]. Obvious ...

Score: -2
DevOps Guy
How to restrict users from uploading files from Azure Virtual Desktop (AVD) to personal or public sites?

How to restrict users from uploading files from Azure Virtual Desktop (AVD) to personal or public sites like gmail, google drive, personal onedrive, personal office365 account, dropbox, box, github, gitlab, bitbucket, azure git, and other such sites. Basically we want to restrict users from uploading files to any websites via browser or CLI. The only exception should be the sites which we want to allow. How to  ...

Score: 0
justin.m.chase
What is the right way to assign Network Contributor Role to an AKS cluster via ARM / Bicep template?

I'm trying to configure a Load Balancer for my AKS server using Bicep/ARM. I am using the NGINX Ingress Controller in Kubernetes and it does seem to work but when I first spin things up I am encountering an error.

Mainly I'm wondering what is the equivalent ARM or Bicep template for this step in the Azure documentation?

https://docs.microsoft.com/en-us/azure/aks/static-ip#create-a-service-using-the- ...

Score: 0
thebluephantom
VNET Peering and Transit Hub

VNET Peering:

Once virtual networks are peered, resources in both virtual networks can communicate with each other, with the same latency and bandwidth as if the resources were in the same virtual network.

So, with this diagram: [image]

I see that VNETs Virtual Network, VNET1, VNET2, and On-premise can all access the SQL database.

Then:

Scenario

  • What say SQL 1 and SQL 2 databases exist.
    • SQL 1 DB has a Private ...
Score: 0
thebluephantom
Same DNS names, private ip-addresses used over multiple AZURE Corporate Accounts

Looking at the below: [image]

Here we see a single AZURE Corporate Account X. See "azsql1.database.windows.net". You can access that from on-prem.

What if, for argument's sake, I had a second AZURE env. configured exactly the same - AZURE Corporate Account Y, with "azsql1.database.windows.net".

It's theoretical, but I would like to know how the on-prem resolves this if one tries to use "azsql1.database.window ...

Score: -1
thebluephantom
Address to be used to access private IP address for AZURE resource from on-premise

I can see how we can make an AZURE database, say COSMOS DB, a private IP address with Private link, that is fine.

If you want to access that private link / IP address database from on-premise via site2site vpn, with a tool like Spotfire or Tableau, how do we specify the connection string that goes via the ExpressRoute or Site2SiteVPN? I cannot find any examples on that and how that occurs.

It must b ...

Score: 0
Ron Trunk
Restrict access to Azure AVS management network

I am configuring an AVS instance in Azure using ExpressRoute to connect to my on-prem network. How can I add a firewall or ACL to restrict who can get to the management network? My ExpressRoute is connected to a WAN cloud, so I have to enforce policy at the Azure side.

Score: 0
BlackMiracle
Blocking direct access to static website on Azure Blob Storage and allow only Azure Front Door

I have an SPA webapp deployed on Azure Blob Storage whose URL is public. E.g. https://example.z23.web.core.windows.net/

I would like to use Azure Front Door with WAF to increase security. Is there a way to block direct access at the blob URL? I googled it and found many answers out there, one of them is to simply allow only AzureFrontDoor.Backend IPs at Storage Account networking configurations. I tri ...

Score: 0
Senior Systems Engineer
Deploying Windows Server AD DS as IaaS (VM) in Azure?

I'm currently seeking some advice and guidance on whether deploying an additional Windows Server 2019 VM in Azure to run Active Directory Domain Controller / Global Catalog in separate AD sites called 'Azure' really has any benefits or not?

At the moment my AD domain is just single forest AD, spread across multiple geographical locations throughout Asia Pacific.

Azure AD Connect runs Password Hash Syn ...

Score: 0
Keith Stein
Certificate for Azure Point-To-Site VPN via Custom HostName

I have a feeling there's something about this I don't understand.

I have a working point-to-site VPN connection between my computer (using Windows' native rasphone component), and our Azure Virtual Network Gateway. The gateway uses a self-signed root certificate that I created, and my computer has a client certificate signed by the root which it uses to authenticate.

In the VPN configuration on my co ...

Score: 0
Cisco ASAv IKEv2 IPSec tunnel failing in phase2

We have a Cisco ASAv appliance on Azure with a load balancer setup. While setting up an IKEv2 IPSec tunnel we saw phase 1 is up and phase 2 is failing over peer ID validation. While debugging we saw that the Cisco ASAv is taking the private IP as the peer IP rather than the public IP on the external interface.

Is there a setting which can be done to fix that?

Score: 0
Sam
Windows 365 Enterprise Setup

I'm going to sign up for Windows 365 and have a few questions that will help me with my decisions.

Currently, we do have an Azure Subscription but do not have a VNET. We also use Azure Active Directory and do NOT have any on-prem network or domain controllers. So, we're 100% cloud based.

With that said, do I need Windows AD to use Windows 365? I'm just watching some of the videos and they kind of go ...

Score: 0
Need Solution for Private Peering Express Route in Azure issues

I have Hub Spoke VNet Architecture and an express route attached to my hub VNet. I want to understand the following points and see if there's something that can be done to solutionize this?

  1. Since Express Route is private peering and attached to the hub VNet, all my VNets are published over express route. Is there a way I can restrict what needs to be published and what not over express route from Azure. ...
Score: 0
Azure Virtual Network Appliance Routing

In the diagram, we have one vnet, two subnets, and three systems.

  • Azure "IP Forwarding" is enabled on the router interfaces.
  • Routing tables are created for "trust" and "untrust" subnets
  • Static routes are created on the machines (the obscured routes are host routes to make sure I don't cut myself off)

We can see that bob is successfully pinging alice.

Despite bob's default route being the router, the ...

Score: 0
Akram Mohammed
How does using an inbound NAT help in terms of security?

When creating a VM, I didn't give it a public IP address to RDP into it since that won't be secure. I made a public load balancer and added the VM to the backend pool and created an inbound NAT rule with the VM as the target using port 3389.

How does using an Inbound NAT in Load balancer help in terms of security, since it would forward all RDPs to our VM anyway, making it feel as if the public  ...

Score: 1
ecnepsnai
Unable to add IPv6 Address to existing Azure Network Interface

I am unable to associate an IPv6 public address to an existing network interface for a VM.

When I try to add a secondary IP configuration for the IPv6 address I get the following error:

IP version for Public IP address and network interface IP configuration version must match.

As seen here:

[image]

However I believe I have everything set up correctly.

The address space on the virtual network has an IPv6 pref ...

Score: 0
Abe Mazur
Azure Data Lake unreachable via UNC

Good Afternoon,

I have an Azure Data Lake (storage container) with two file shares.

Test-NetConnection to the file share over 445 is successful as well as over CommonTCPPort SMB.

When I try to map or browse the share as a drive, I get an "unable to reach "azuredatalake"".

Network Security Group rules have the correct IPs and ports open.

I am able to access from an Azure-Joined machine, but not domain-join ...

Score: 0
Florian
Access to on premise S2S Azure connection through P2S

I have the following network configuration.

On premise network : 192.168.13.31

Azure VN : 100.1.0.0/16

Azure vpn gateway : 51.136.4.136

I have an S2S IKEv2 connection between on premise and Azure. I'm able to ping from the Azure server to the on premise server.

I have a P2S OpenVPN connection to Azure. Address pool is 172.28.200.0/24. I'm able to ping from the VPN client to the VN in Azure but I can't ping the on premi ...