1

We have an Azure App Service Environment, which resides in a subnet in a vnet configured with both an expressroute gateway and a VPN gateway. When trying to connect an AppService outside of the ASE to the Vnet, as described here: https://learn.microsoft.com/nb-no/azure/app-service/web-sites-integrate-with-vnet, we are not able to connect, because it says the gateway is not a VPN gateway.

I suspect the GUI only picks the first gw in the list when it tries to figure out what type of gw it is.

enter image description here

Because, we do have a vpn gateway too:

enter image description here

I have a couple of questions:

  1. Is there a way to get the Portal to use the correct gateway when trying to connect from the AppService to the Vnet?
  2. If not, is there a way to do this from Powershell with the AzureRm CmdLets?
Shui shengbao
  • 18,746
  • 3
  • 27
  • 45
Erik A. Brandstadmoen
  • 10,430
  • 2
  • 37
  • 55
  • Currently, if your VNet has an experssroute gateway, you will get the prompt alarm, please check my answer. – Shui shengbao Nov 09 '17 at 08:34
  • Yes, I saw that one. You write "currently". Does this mean there are plans for supporting this in the future? Please see my question on your reply, for advices on how to handle the scenario... – Erik A. Brandstadmoen Nov 09 '17 at 14:31
  • Sorry, I am not sure. But you could check this [feedback](https://feedback.azure.com/forums/169385-web-apps/suggestions/15735625-provide-a-real-support-for-integrating-web-apps-wi). – Shui shengbao Nov 10 '17 at 01:27
  • Hi, currently, if you use site-to-site VPN. Your issue will be solved. But I suggest you could vote up this feedback. I have voted up it. Hope this function will come in the future. – Shui shengbao Nov 10 '17 at 08:29
  • 1
    We must use Expressroute to connect to the on-premises service (it't not "our" premises). The issue you refer to, kindof wants to solve this without an ASE. But ASEs are fine to us. We just want to be able to talk to the service in the ASE from a frontend, even though the service needs to talk to a on-prem service through Expressroute too. – Erik A. Brandstadmoen Nov 10 '17 at 09:10
  • Unfortunately, it is not possible... – Shui shengbao Nov 10 '17 at 09:11
  • Thanks. Yes, your answer is the answer, even if it doesn't help us :) – Erik A. Brandstadmoen Nov 14 '17 at 13:14

1 Answers1

1

Currently, it is not possible. It is a design behavior. Integrate web app with an Azure Virtual Network does not support Vnet that has an ExperssRoute Gateway. If ExperssRoute is in it, you will get the error log.

You could check the link you provided.

The VNet Integration feature does not integrate an app with a VNet that has an ExpressRoute Gateway. Even if the ExpressRoute Gateway is configured in coexistence mode the VNet Integration does not work. If you need to access resources through an ExpressRoute connection, then you can use an App Service Environment, which runs in your VNet.

Update:

If you need this function, you could vote up this feedback.

Shui shengbao
  • 18,746
  • 3
  • 27
  • 45
  • Hi, if possible, could you integrate your web app to a VNet without ExperssRoute? If you do this, I think you could select the VNet. – Shui shengbao Nov 09 '17 at 09:43
  • OK. We have an App Service (REST API) in an internal ASE that talks to On-prem via ExpressRoute. Any suggestions on how to be able to communicate with this REST Api at all from a publicly reachable App Service? – Erik A. Brandstadmoen Nov 09 '17 at 10:08
  • Please refer to this [official document](https://learn.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet#accessing-on-premises-resources). If you want to webapp access your on-premise REST Api, one option is that you select Site-to-Site VPN not ExpressRoute. If your on-premise REST Api is exposed on Public Internet, you only use public IP not need use VPN connection. – Shui shengbao Nov 10 '17 at 01:25
  • @ErikA.Brandstadmoen If you really need this function, you could vote up this [feedback](https://feedback.azure.com/forums/169385-web-apps/suggestions/15735625-provide-a-real-support-for-integrating-web-apps-wi). – Shui shengbao Nov 10 '17 at 01:29