I've got a vnet in Azure, 10.1.0.0/24. A VM is connected to the vnet directly with static IP 10.1.0.5 and has no public endpoint. I connect to the vnet using VPN and am able to connect to the VM. That works fine. I've created an Azure SQL database and want to limit connections to only those from vnet 10.1.0.0/24 (no public endpoint). So, my VM should be able to connect to Azure SQL and I should be able to connect to it when connected through VPN. How can I configure this?
0
votes
If you want to connect to Azure SQL database via VPN, you can use Azure Private Link service: docs.microsoft.com/en-us/azure/azure-sql/database/…
- Jim Xu
That's ok. I need to configure the Azure SQL firewall to allow only vnet connections, but it doesn't work for me.
- shaddow
Azure SQL does not have a private IP. So we need to use the service to assign a private IP to SQL. Then we can use VPN to connect to SQL.
- Jim Xu
So how can I configure it?
- shaddow
Regarding how to configure it, please refer to docs.microsoft.com/en-us/azure/private-link/…
- Jim Xu
1 Answer
0
votes
In this case, if you have set up a private connection to Azure – via P2S VPN, S2S VPN, or ExpressRoute – then you can use a TCP proxy server to forward traffic to the public IP address for SQL Database, because virtual network rules are not supported in the VPN scenario; read the limitation and this.

Main Steps:

You can add the Azure VM's vnet and subnet to a virtual network rule on SQL Database as described here.

Download Nginx and change only the body of the nginx.conf file, without modifying headers, to forward any traffic received on port 1433 to your SQL Database server sqlserver.database.windows.net:1433.

You could read this blog for more details.
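
The forwarding step above could look like the following nginx.conf. This is an added example, not the answerer's own file: it assumes the proxy runs on the VM at 10.1.0.5 from the question, that nginx is built with the stream module, and that sqlserver.database.windows.net stands in for the real server name. The upstream name azure_sql and the VPN address pool line are placeholders.

```nginx
# Added example (not from the original answer): TCP pass-through for
# Azure SQL, reachable only from the private address space.
worker_processes auto;

events {
    worker_connections 1024;
}

stream {
    # Placeholder server name taken from the answer; replace with your own.
    # nginx resolves this name when the configuration is loaded, so reload
    # nginx if the address behind it changes.
    upstream azure_sql {
        server sqlserver.database.windows.net:1433;
    }

    server {
        # Bind to the VM's private address only (assumed to be 10.1.0.5),
        # never to 0.0.0.0, so the proxy is not exposed on other interfaces.
        listen 10.1.0.5:1433;

        # Only the vnet from the question may use the proxy.
        allow 10.1.0.0/24;
        # VPN clients usually get addresses from a separate pool; add it here.
        # allow <vpn-client-address-pool>;
        deny all;

        proxy_connect_timeout 10s;
        proxy_timeout 30m;

        # Raw TCP forwarding: TLS is still negotiated end to end between the
        # client and SQL Database, nginx does not terminate it.
        proxy_pass azure_sql;
    }
}
```

With this in place the SQL Database firewall only needs the virtual network rule for the proxy VM's subnet, and clients on the VPN connect to 10.1.0.5:1433 instead of the public endpoint.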
