In my Azure subscription I have 2 peered VNETs. VNET1 has address space 10.16.0.0/16 and VNET2 has 10.250.21.0/24. I have chosen the address spaces so that they were completely different. Peering works given that a VM in VNET1 can ping a VM in VNET2.

However, from VNET1 I can't access an App Service deployed in VNET2. I tried to access the App Service using the IP address and the private DNS name.

Network Security Groups in both VNETs seem to be fine. I'm able to change them so that basic network diagnostics work (for instance, ping).

Any suggestions please?

EDIT 1 + SOLUTION

I can say that it's solved. After peering the virtual networks, I had to "link the private DNS zones". I had a few issues with the address spaces, but nothing that a terraform destroy/apply couldn't solve.

phanxen
  • Hi @phanxen, are you using the VNet integration solution or Private Endpoint? (VNet integration link: https://learn.microsoft.com/en-us/azure/app-service/overview-vnet-integration | Private endpoint link: https://learn.microsoft.com/en-us/azure/app-service/networking/private-endpoint) – mwa Dec 14 '22 at 10:15
  • Hi @mwa, thanks for writing. I'm using Private Endpoint. I also created a Private DNS Zone to keep using the same URLs as before. It works inside the VNET2 (for instance, I have a VM running on this virtual network, and can access the App Service). – phanxen Dec 15 '22 at 12:07
  • Did you peer the private DNS zone with VNET1? – mwa Dec 15 '22 at 15:15
  • Hi @mwa, Private DNS Linking (or also, "peering") was the solution. I was surprised that it was required to be done. Besides that, it was required to add the Web App's IP address (the Web App is located in VNET2) in the Private DNS Zone in the VNET1. Thanks for everything! – phanxen Dec 18 '22 at 14:58
  • Appreciate that it helps! – mwa Dec 19 '22 at 10:33
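
The fix described in the edit and comments above, sketched in Terraform as an added example (not the asker's configuration): the private DNS zone is linked to both peered VNets, because peering alone does not share DNS zone links. All variable and resource names are hypothetical, and it assumes one `privatelink.azurewebsites.net` zone shared by both VNets.

```hcl
# Added example: hypothetical names; supply the values from your own configuration.
variable "resource_group_name" { type = string }
variable "location" { type = string }
variable "vnet1_id" { type = string }           # VNET1, 10.16.0.0/16 (clients)
variable "vnet2_id" { type = string }           # VNET2, 10.250.21.0/24 (private endpoint)
variable "endpoint_subnet_id" { type = string } # subnet inside VNET2
variable "web_app_id" { type = string }

# Zone that holds the A record for the Web App's private endpoint.
resource "azurerm_private_dns_zone" "webapps" {
  name                = "privatelink.azurewebsites.net"
  resource_group_name = var.resource_group_name
}

resource "azurerm_private_endpoint" "webapp" {
  name                = "pe-webapp"
  location            = var.location
  resource_group_name = var.resource_group_name
  subnet_id           = var.endpoint_subnet_id

  private_service_connection {
    name                           = "psc-webapp"
    private_connection_resource_id = var.web_app_id
    subresource_names              = ["sites"]
    is_manual_connection           = false
  }

  # Lets Azure maintain the endpoint's A record in the zone, so the
  # Web App's private IP does not have to be added by hand.
  private_dns_zone_group {
    name                 = "default"
    private_dns_zone_ids = [azurerm_private_dns_zone.webapps.id]
  }
}

# One link per VNet. Without the vnet1 link, clients in VNET1 cannot
# resolve the private endpoint's name even though peering routes traffic.
resource "azurerm_private_dns_zone_virtual_network_link" "links" {
  for_each = { vnet1 = var.vnet1_id, vnet2 = var.vnet2_id }

  name                  = "link-${each.key}"
  resource_group_name   = var.resource_group_name
  private_dns_zone_name = azurerm_private_dns_zone.webapps.name
  virtual_network_id    = each.value
  registration_enabled  = false
}
```

Once applied, an `nslookup` of the app's hostname from a VM in VNET1 should return an address inside 10.250.21.0/24.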

1 Answer

I tried to reproduce the same in my environment and got the results like below:

I have created a VNet peering with two different address spaces like below:

Created an App Service with Premium P1v2, added outbound traffic VNet integration, and added a private endpoint like below:

Then, I created a VM and connected through Bastion:

When I tried to verify in the command prompt using nslookup, I got a successful result like below:

Imran
  • Thanks @Imran, your test is slightly different from mine. I don't have 2 Web Apps on different VNETs. I have 1 Web App in VNET2, and want to access it from VNET1. Actually, I reviewed the VNet Integration and concluded that it wouldn't work in my case. If my Web App in VNET2 was supposed to access something in VNET1, then I would enable VNet Integration for this Web App. – phanxen Dec 15 '22 at 12:22
  • Just to add an official source of information, from [Integrate your app with an Azure virtual network](https://learn.microsoft.com/en-us/azure/app-service/overview-vnet-integration) we have the following: _Virtual network integration doesn't enable your apps to be accessed privately_. So, I don't have the solution yet, but I'm sure about what tools not to use! :) – phanxen Dec 15 '22 at 16:50