2
votes

I have two peered VNETs in Azure and I also have an Application Gateway in one of them. I have a couple of VMs inside both VNETs and I want to access the Application Gateway from the VMs by its private IP (which is set up). This works from the VNET that the gateway resides in, but I can't access it from the other peered network. I can access all the VMs between the networks by their private IPs with no problem. What can I be missing? (I am not really that familiar with networking, so it could be something basic...) Thank you for any suggestion!

Do you have network security groups blocking the traffic? There shouldn't be anything preventing traffic in Azure. – 4c74356b41

Well, I don't have any network security group associated with any of the subnets, and I also have the gateway firewall inactive, so I am not sure what could be blocking it. It is acting like the peering is somehow unable to access the subnet with the gateway, which just seems odd to me. – roast

OK, after I ran nmap with the stealth scan it tells me that the host is up, but all ports are closed and it's otherwise inaccessible. It seems like the gateway lets me access its private interface only from the VNET it's situated in, for some reason. – roast

1 Answer

2
votes

You can check whether the two peered virtual networks are located in different regions.

If you are using Global VNet peering (VNet-to-VNet peering where the regions are different), there is a limitation: you cannot use Global VNet peering to communicate with the VIPs of load balancers in another region. Application Gateway is actually a layer-7 load balancer.

Resources in one virtual network cannot communicate with the IP address of an Azure internal load balancer in the peered virtual network. The load balancer and the resources that communicate with it must be in the same virtual network.

Reference: How to set up Global VNet peering in Azure
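To make the check in this answer concrete, here is an added Python script (not from the question, the answer or Azure itself) that classifies the path from a VM's VNet to the VNet hosting the gateway using documents shaped like `az network vnet show -o json` output (the `location` and `virtualNetworkPeerings` fields); the subscription path, VNet names and regions are constructed placeholders, and the reachability rule encodes the limitation the answer states.

```python
# Constructed sample in the shape of `az network vnet show -o json` output; the
# subscription id, resource group and VNet names are placeholders, not from the page.
_PREFIX = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups"
           "/rg-demo/providers/Microsoft.Network/virtualNetworks/")

def _vnet(name, location, peers):
    """Build a minimal VNet document; `peers` maps remote VNet name -> peeringState."""
    return {"id": _PREFIX + name, "location": location,
            "virtualNetworkPeerings": [
                {"peeringState": state, "allowVirtualNetworkAccess": True,
                 "remoteVirtualNetwork": {"id": _PREFIX + remote}}
                for remote, state in peers.items()]}

# vnet-gw hosts the Application Gateway subnet; vnet-far is peered from another
# region (global peering); vnet-near is peered within the same region (regional peering).
VNETS = {
    "vnet-gw": _vnet("vnet-gw", "westeurope", {"vnet-far": "Connected", "vnet-near": "Connected"}),
    "vnet-far": _vnet("vnet-far", "eastus", {"vnet-gw": "Connected"}),
    "vnet-near": _vnet("vnet-near", "westeurope", {"vnet-gw": "Connected"}),
}

def _peering(src, dst):
    """Return src's peering entry that points at dst, or None if there is none."""
    for p in src["virtualNetworkPeerings"]:
        if p["remoteVirtualNetwork"]["id"].lower() == dst["id"].lower():
            return p
    return None

def classify_path(src, dst):
    """Classify the path from a VM's VNet (src) to the VNet hosting the gateway (dst)."""
    if src["id"].lower() == dst["id"].lower():
        return "same-vnet"
    out, back = _peering(src, dst), _peering(dst, src)
    if out is None or back is None:
        return "not-peered"           # peering must exist on both sides
    if out["peeringState"] != "Connected" or back["peeringState"] != "Connected":
        return "peering-not-connected"
    if not (out["allowVirtualNetworkAccess"] and back["allowVirtualNetworkAccess"]):
        return "vnet-access-disabled"
    return "regional-peering" if src["location"] == dst["location"] else "global-peering"

def private_frontend_reachable(src, dst):
    """Per the answer: the gateway's private frontend (an internal load balancer VIP)
    is reachable from the same VNet or over regional peering, not over global peering."""
    return classify_path(src, dst) in ("same-vnet", "regional-peering")

if __name__ == "__main__":
    for name, vnet in VNETS.items():
        print(f"{name:10} -> vnet-gw: {classify_path(vnet, VNETS['vnet-gw'])}, "
              f"reachable={private_frontend_reachable(vnet, VNETS['vnet-gw'])}")
```

Running it against your real VNets means replacing `VNETS` with the JSON from `az network vnet show` for each network; a `global-peering` result for the VM's VNet matches the symptom described in the question.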