We need a configuration set up exactly like the one described by the diagram in this support document. However, we already have the bottom right 2/3 configured, and it is not clear to me how the Point-to-site VPN should be configured:
Our Azure VMs and our on-premises machines share a VNet, connected via a site-to-site route-based VPN tunnel. We want to add our App Services to that VNet so they can also communicate privately with the VMs, but the documentation for configuring a Point-to-site connection assumes you are starting from scratch, rather than adding to an existing VNet, and it does not cover Point-to-site connections to App Services.
It seems like a Point-to-site configuration needs to be added to the existing gateway, but I am unclear on several issues not covered by the documentation: How are certificates handled? What tunnel type is supported/preferred in App Services? Should the address pool of the Point-to-site config match the VNet's gateway subnet range?
Update: After adding an address pool value for the Point-to-site configuration in the existing VNet gateway, the VNet could be added to our App Service. But even though the App Service VNet config reports that certs are in sync and that the gateway status is online, the App Service does not seem to be able to communicate with a VM, and nothing is listed under Allocated IP addresses in the Point-to-site configuration.
I am not sure if additional configuration is needed or if this implies a problem with the VNet addressing. The VNet default subnet is 10.1.0.0/24, the VNet gateway subnet is 10.1.1.0/24, and the Point-to-site pool is 10.1.2.0/24.
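Editor's note, added example (not part of the question above and not Azure's own tooling): the one addressing rule that a point-to-site pool must satisfy is that it does not overlap the VNet address space or any on-premises range reachable over the site-to-site tunnel; it does not need to match the gateway subnet. The script below, written in plain Python with the standard `ipaddress` module, checks a candidate pool against those ranges before it is applied to the gateway. The subnets are the ones from the question; the VNet address space (`10.1.0.0/16`) and the on-premises range (`192.168.0.0/24`) are assumed placeholders, since the question does not state them, and the `check_p2s_pool` function name is my own.

```python
"""Validate a point-to-site client address pool against an existing VNet layout.

Added example, not code from the question or from Azure. Azure rejects a
point-to-site pool that overlaps the VNet address space or an on-premises
range routed over the site-to-site tunnel; the pool is a separate range that
is handed out to P2S clients (here, the App Service integration endpoint).
"""
from ipaddress import ip_network


def check_p2s_pool(pool_cidr, vnet_address_spaces, on_prem_ranges):
    """Return a list of problems with the proposed pool; an empty list means OK.

    vnet_address_spaces and on_prem_ranges are lists of (label, cidr) tuples.
    """
    problems = []
    try:
        # strict=True rejects host bits (e.g. 10.1.2.1/24), which Azure would
        # also refuse as a pool definition.
        pool = ip_network(pool_cidr, strict=True)
    except ValueError as exc:
        return [f"pool {pool_cidr!r} is not a valid network: {exc}"]

    for label, cidr in list(vnet_address_spaces) + list(on_prem_ranges):
        if pool.overlaps(ip_network(cidr, strict=True)):
            problems.append(f"pool {pool} overlaps {label} {cidr}")
    return problems


def subnets_inside_address_space(subnets, vnet_address_spaces):
    """Sanity check: every VNet subnet must sit inside one of the address spaces."""
    spaces = [ip_network(cidr) for _, cidr in vnet_address_spaces]
    return {
        label: any(ip_network(cidr).subnet_of(space) for space in spaces)
        for label, cidr in subnets
    }


# Subnets taken from the question; the VNet address space and on-premises
# range are assumed placeholders, since the question does not state them.
VNET_SUBNETS = [("default subnet", "10.1.0.0/24"), ("GatewaySubnet", "10.1.1.0/24")]
VNET_ADDRESS_SPACE = [("VNet address space (assumed)", "10.1.0.0/16")]
ON_PREM_RANGES = [("on-premises LAN (placeholder)", "192.168.0.0/24")]


if __name__ == "__main__":
    for candidate in ("10.1.2.0/24", "172.16.201.0/24", "10.1.2.1/24"):
        issues = check_p2s_pool(candidate, VNET_ADDRESS_SPACE, ON_PREM_RANGES)
        print(candidate, "->", "OK" if not issues else "; ".join(issues))
    print(subnets_inside_address_space(VNET_SUBNETS, VNET_ADDRESS_SPACE))
```

Run against the assumed `10.1.0.0/16` address space, the question's `10.1.2.0/24` pool is reported as overlapping, while a range outside the VNet such as `172.16.201.0/24` passes; if the real VNet address space is narrower than the placeholder, substitute it and re-run before changing the gateway.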