问题
I am using Global VNet peering in Azure (2 networks in 2 different regions) and I'd like to access a VM I have in one of them from a WebApp I'd like to integrate with the other.
I have tried integrating the WebApp through a gateway and also directly without a gateway (the preview function) and I managed to see VMs from the same VNet but I am unable to access the VM from the globally peered VNet by its private IP.
Is this possible to achieve and if so, how? Thank you.
回答1:
Yes, It's possible since you could use remote gateways or allow gateway transit in globally peered virtual networks in preview, currently. The preview is available in all Azure regions, China cloud regions, and Government cloud regions. Read more details. Moreover,
Route tables and global peering are not yet available with the new VNet Integration.
So you could try to use the existing VNet integration with a VNet which has a P2S VPN gateway. To configure peering to work with your app, you could refer to peering configuration.
- Add a peering connection on the VNet your app connects to. When adding the peering connection, enable
Allow virtual network accessand checkAllow forwarded trafficandAllow gateway transit. - Add a peering connection on the VNet that is being peered to the VNet you are connected to. When adding the peering connection on the destination VNet, enable
Allow virtual network accessand checkAllow forwarded trafficandAllow remote gateways. - Go to the App Service plan > Networking > VNet Integration UI in the portal. Select the VNet your app connects to. Under the routing section, add the address range of the VNet that is peered with the VNet your app is connected to.
Please note that you must add the peered VNet address in step 3. Then sync network, you will see the address range in the IP ADDRESSES ROUTED TO VNet. In my case, my peered VNet address range is 10.0.0.0/24.
The tools ping, nslookup and tracert won’t work through the console due to security constraints. Navigate to the web app console, we can use tcpping to verify the TCP connection with its private IP address. Please check if vm does not allow incoming pings or that the network security group for the virtual machine blocks them. See more troubleshooting details here.
来源:https://stackoverflow.com/questions/55267247/azure-global-vnet-peering-and-webapps