
Dears,

Can you help me out with the following situation, please?

In the company I'm working for, we connected our on-premises network to a VNET using a site-to-site VPN connection (with Meraki). So far, it looks good, and we are able to reach private IPs from our on-premises machines. Via the internet, we are also able to mount SMB file shares directly using the UNC path, as the machines are domain-joined and the storage account has Active Directory with Kerberos enabled.

https://learn.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows#access-an-azure-file-share-via-its-unc-path

Our goal is to block the internet for these machines, forcing all the integrations with Azure to go through the VPN tunnel, so, for this:

  • I created a private link for the storage account and linked it to the respective VNET
  • Deployed an Azure DNS private resolver to resolve the storage account URL to the private link
  • Pointed the Azure DNS private resolver's inbound IP to our Meraki DNS configuration

Performing an nslookup on ourstorage.file.core.windows.net seems to resolve to the private link and private IP on the respective machine, but it does not connect when the internet is blocked. It just keeps loading for a long time and then throws a network connectivity error or a credentials window.

The following command returns success and shows the private IP:

tnc ourstorage.file.core.windows.net -p 445

It seems that, for this to work, some endpoint needs to be whitelisted on the internet, but so far I have had no luck identifying it.

Is there any limitation to achieving what we are trying to do?

Thanks in advance

I've opened a thread on the Microsoft forum, and there are other inputs there with what I already tried: https://learn.microsoft.com/en-us/answers/questions/1355138/issues-about-storage-private-link-and-vpn-s2s-conn
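As an added diagnostic for the situation described above (not code from the original post), the following PowerShell script checks each hop of the chain separately on a domain-joined Windows client: the privatelink CNAME and whether the answer lands inside the VNET range, the TCP 445 handshake that `tnc` tests, a Kerberos service ticket for the share's SPN, and the SMB client event logs for what failed after the handshake. The storage account name, the VNET address space and the assumption that on-premises domain controllers issue the ticket are placeholders and assumptions; replace them with your own values.

```powershell
# Added diagnostic for the scenario in the post (not the poster's code).
# Assumptions: storage account name and the VNET address space; replace both.
$Account  = 'ourstorage'                 # assumed: account name used in the post
$Fqdn     = "$Account.file.core.windows.net"
$VnetCidr = '10.10.0.0/16'               # assumed: address space of the VNET behind the S2S tunnel

function Test-InCidr([string]$Ip, [string]$Cidr) {
    # IPv4-only check that $Ip lies inside $Cidr (e.g. the VNET range).
    $net, $bits = $Cidr.Split('/')
    $toInt = {
        param($a)
        $b = ([IPAddress]$a).GetAddressBytes()
        [long]$b[0] * 16777216 + [long]$b[1] * 65536 + [long]$b[2] * 256 + [long]$b[3]
    }
    $shift = 32 - [int]$bits
    return ((& $toInt $Ip) -shr $shift) -eq ((& $toInt $net) -shr $shift)
}

Write-Host "== 1. DNS: $Fqdn should CNAME to privatelink and land on a VNET address"
$records = Resolve-DnsName -Name $Fqdn -Type A -ErrorAction Stop
$records | Format-Table Name, Type, NameHost, IPAddress -AutoSize
$viaPrivateLink = $records | Where-Object { $_.Type -eq 'CNAME' -and $_.NameHost -like '*.privatelink.file.core.windows.net' }
$ip = ($records | Where-Object { $_.Type -eq 'A' } | Select-Object -First 1).IPAddress
if (-not $viaPrivateLink) { Write-Warning 'No privatelink CNAME in the answer: the private DNS zone was not consulted.' }
if ($ip -and (Test-InCidr $ip $VnetCidr)) { Write-Host "OK: $ip is inside $VnetCidr (private endpoint)." }
else { Write-Warning "$ip is outside $VnetCidr: SMB would try to leave via the internet." }

Write-Host "== 2. TCP 445: all that 'tnc -p 445' proves is a handshake, not SMB negotiation or authentication"
$tcp = Test-NetConnection -ComputerName $Fqdn -Port 445 -WarningAction SilentlyContinue
"$Fqdn -> $($tcp.RemoteAddress):445  TcpTestSucceeded=$($tcp.TcpTestSucceeded)"

Write-Host "== 3. Kerberos: a service ticket for the share's SPN must come from a DC reachable over the VPN"
klist purge | Out-Null                                   # drop cached tickets so the request is fresh
$ticket = klist get "cifs/$Fqdn" 2>&1                    # on success klist prints the ticket with a 'Server:' line
$ticket
if (-not ($ticket -match 'Server:')) {
    Write-Warning "No ticket for cifs/$Fqdn: check the SPN on the storage account's AD object and DC reachability."
}

Write-Host "== 4. SMB client logs: what actually failed after the TCP handshake (last hour)"
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-SMBClient/Connectivity', 'Microsoft-Windows-SMBClient/Security'
    Level     = 2, 3                                     # error and warning
    StartTime = (Get-Date).AddHours(-1)
} -ErrorAction SilentlyContinue | Select-Object TimeCreated, Id, Message -First 10 | Format-List
```

Run it from the affected machine with the internet blocked; the step that first warns is the hop to investigate, and step 4 shows the SMB client's own error for the mount attempt.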
