How can I connect an azure app service plan to a vnet which is also connected through peering to another vnet
I am trying to set up this hub-spoke topology where I have a hub VNet connected to an ExpressRoute circuit: https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke
I have another VNet (let's call it the app VNet) set up with peering to this hub VNet, where I can create a virtual machine and ping resources on the other end just fine using the remote gateway setting on the peering.
The problem is that by using the remote gateway, my app VNet cannot have its own gateway, and so I cannot integrate an App Service plan with the VNet.
Is there another way I could accomplish this?
asked Nov 8 at 18:02
Zach
2 Answers
I would like to suggest setting up a VNet-to-VNet VPN gateway connection instead of VNet peering between the hub VNet and the app VNet. If so, each VNet will have its own gateway. The app VNet will be integrated with your web app. You need to ensure that the address prefixes don't overlap among all the connected networks.

Update
Perhaps you can use the new preview VNet Integration.
There is a new version of the VNet Integration capability that doesn't depend on Point-to-Site VPN technology. Unlike the pre-existing feature, the new Preview feature will work with ExpressRoute and Service Endpoints.
The new version is in Preview and has the following characteristics.
- No gateway is required to use the new VNet Integration feature
- You can access resources across ExpressRoute connections without any additional configuration beyond integrating with the ExpressRoute connected VNet.
- The app and the VNet must be in the same region
...
Ref: https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet#new-vnet-integration
edited Nov 21 at 6:39
answered Nov 9 at 2:29
Nancy Xiong
When I tried this approach, I could not connect to things outside of the gateway.
– Zach
Nov 9 at 20:23
Have an update. Perhaps you can try the new version of VNET integration if you are still facing this issue.
– Nancy Xiong
Nov 21 at 6:30
The limitation that you are encountering is from the VNet gateway perspective. Using the remote gateway over peering handicaps one from deploying the gateway in that VNet.
The alternative as suggested by @nancy should do the trick. But you will have to incur the cost of having the gateway. Secondly, this will require a co-existence set-up.
That is, you will have to deploy another VPN gateway.
Change of reference:
- VNET-HUB (your hub VNet with ExR)
- VNET-SPOKE1 (currently peered; referred to as your application VNet)
Your VNET-HUB has an ExR gateway; it needs to have another VPN gateway.
Your VNET-SPOKE1 needs to have a VPN gateway deployed as well.
This allows the VNET-HUB to talk to the App Service Environment that you would integrate via point-to-site.
Note: On-premises will not be able to access the app VNet, as we can't have point-to-site co-exist with ExpressRoute.
I hope this has provided an insight into the limitations.
References/good reads:
- https://docs.microsoft.com/en-us/azure/expressroute/expressroute-routing
- https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-coexist-classic
- https://docs.microsoft.com/en-us/azure/expressroute/expressroute-faqs
- https://docs.microsoft.com/en-us/azure/app-service/environment/app-service-app-service-environment-network-configuration-expressroute
edited Nov 11 at 11:42
Madhur Bhaiya
answered Nov 11 at 11:33
Capt. Cherry ex- MSFT
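Added example, not part of either answer: a pre-deployment check in Python for the two constraints raised in this thread, namely that address prefixes must not overlap among the connected networks and that a VNet using the remote gateway over peering cannot hold its own gateway. The network names, prefixes and dictionary layout are constructed assumptions; the gateway-transit check reflects Azure peering behaviour that the thread does not spell out.

```python
import ipaddress
from itertools import combinations

# Constructed sample topology; names, prefixes and layout are assumptions.
TOPOLOGY = {
    "networks": {
        "on-prem":  {"prefixes": ["10.0.0.0/16"], "has_gateway": True},
        "vnet-hub": {"prefixes": ["10.1.0.0/16"], "has_gateway": True},
        # Deliberately wrong: a prefix inside the hub range and a local gateway.
        "vnet-app": {"prefixes": ["10.2.0.0/16", "10.1.128.0/20"],
                     "has_gateway": True},
    },
    "peerings": [
        {"local": "vnet-hub", "remote": "vnet-app",
         "allow_gateway_transit": True, "use_remote_gateways": False},
        {"local": "vnet-app", "remote": "vnet-hub",
         "allow_gateway_transit": False, "use_remote_gateways": True},
    ],
}

def find_overlaps(networks):
    """Return (net_a, prefix_a, net_b, prefix_b) for prefixes shared across networks."""
    parsed = [(name, ipaddress.ip_network(prefix, strict=True))
              for name, cfg in networks.items() for prefix in cfg["prefixes"]]
    hits = []
    for (na, pa), (nb, pb) in combinations(parsed, 2):
        # Only compare different networks of the same IP version.
        if na != nb and pa.version == pb.version and pa.overlaps(pb):
            hits.append((na, str(pa), nb, str(pb)))
    return sorted(hits)

def find_gateway_conflicts(topology):
    """Flag peerings whose remote-gateway setting cannot work as configured."""
    nets = topology["networks"]
    transit = {(p["local"], p["remote"]) for p in topology["peerings"]
               if p["allow_gateway_transit"]}
    problems = []
    for p in topology["peerings"]:
        if not p["use_remote_gateways"]:
            continue
        local, remote = p["local"], p["remote"]
        # The constraint from the question: remote gateway excludes a local one.
        if nets[local]["has_gateway"]:
            problems.append(f"{local}: uses remote gateway of {remote} "
                            "but also has its own gateway")
        # Azure behaviour (not stated in the thread): the remote side must
        # own a gateway and allow gateway transit on its half of the peering.
        if not nets[remote]["has_gateway"]:
            problems.append(f"{local}: remote network {remote} has no gateway")
        if (remote, local) not in transit:
            problems.append(f"{remote}: gateway transit to {local} not allowed")
    return problems

def validate(topology):
    """Return every finding as a human-readable string; empty list means OK."""
    overlaps = [f"{a} {pa} overlaps {b} {pb}"
                for a, pa, b, pb in find_overlaps(topology["networks"])]
    return overlaps + find_gateway_conflicts(topology)

if __name__ == "__main__":
    for finding in validate(TOPOLOGY):
        print("FAIL:", finding)
```
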