Firstly, I am not an Azure networking expert…
I’m trying to configure an Azure Virtual Machine inside an Azure Virtual Network which has NAT rules applied to outgoing traffic over an s2s-vpn connection, but can still be RDP enabled for the private IP.
The s2s-vpn connection works, and it relies on NAT rules so traffic comes from the expected IP address. RDP into the public IP also works. But RDP into the private IP (when on the VPN) fails, and it appears to be incompatible with the NAT rule.
The configuration (public masked) is:
Virtual network:
- 10.0.0.0/16
- MyVMSubnet - 10.0.6.0/24
- Network Security Groups - none
Azure Virtual Machine:
- Windows Server 2022 Datacenter Azure Edition
- Private IP: 10.0.6.5 on MyVMSubnet subnet
- Public IP: 3.4.5.6 (example)
- Rules:
Inbound: AllowCidrBlockRDPInbound 3389/TCP/Any/Any Allow
Outbound: AllowVnetOutBound Any/Any/VirtualNetwork/VirtualNetwork Allow
- Application Security Groups - none
- Azure Virtual Network Manager - none
Virtual Network Gateway NAT rule
- Type: Static
- Mode: EgressSnat
- Internal Mappings: 10.0.6.5/32
- External Mappings: 10.22.33.44/32 (this mapping is required for the s2s-vpn to work)
- Internal Port Mapping: 12345
- External Port Mapping: 2345
- Associated connection - the s2s-vpn connection
When the NAT rule is not enabled, I can RDP in via the public IP, or the private IP (via Azure VPN).
When the NAT rule is enabled – I can RDP in via the public IP, but NOT the private IP.
How can I configure the network and NAT rules such that I can still RDP in via the private IP?
Tried solutions:
- Add 10.0.6.0/24 to the VPN advertised route – no difference
- VPN to externally mapped IP 10.22.33.44 – doesn't work
- Added Route Table with 10.0.6.5/32 mapped to VNetLocal (associated to the subnet of the VM)
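For anyone reproducing the setup above, here is the gateway NAT rule from the question expressed as an Az PowerShell script, together with the two RDP reachability checks the question compares. This is an added example, not code from the original post; the resource group, gateway and connection names are placeholders, and the `Set-AzVirtualNetworkGatewayConnection -EgressNatRule` step is my assumption for attaching the rule to the s2s connection. The port mappings are copied from the post as stated. It does not claim to fix the private-IP RDP failure; it only lets you toggle the rule and re-run the same checks.

```powershell
# Added example (not from the original post). Placeholder names are assumptions.
$rg       = 'rg-example'          # hypothetical resource group
$gwName   = 'vpngw-example'       # hypothetical virtual network gateway
$connName = 's2s-example'         # hypothetical site-to-site connection
$ruleName = 'nat-vm-egress'

# Gateway NAT rule exactly as described in the question:
# static EgressSnat, internal 10.0.6.5/32 -> external 10.22.33.44/32,
# internal port 12345 -> external port 2345.
$gw = Get-AzVirtualNetworkGateway -ResourceGroupName $rg -Name $gwName
$ipConfigId = $gw.IpConfigurations[0].Id

$natRule = New-AzVirtualNetworkGatewayNatRule `
    -ResourceGroupName  $rg `
    -ParentResourceName $gwName `
    -Name               $ruleName `
    -Type               'Static' `
    -Mode               'EgressSnat' `
    -InternalMapping    @('10.0.6.5/32') `
    -ExternalMapping    @('10.22.33.44/32') `
    -InternalPortRange  @('12345') `
    -ExternalPortRange  @('2345') `
    -IpConfigurationId  $ipConfigId

# Attach the rule to the s2s connection (assumed cmdlet usage).
$conn = Get-AzVirtualNetworkGatewayConnection -ResourceGroupName $rg -Name $connName
Set-AzVirtualNetworkGatewayConnection -VirtualNetworkGatewayConnection $conn `
    -EgressNatRule @($natRule)

# Inspect what is actually configured before testing.
Get-AzVirtualNetworkGatewayNatRule -ResourceGroupName $rg -ParentResourceName $gwName -Name $ruleName |
    Select-Object Name, Type, Mode, InternalMappings, ExternalMappings

# The two checks from the question. Run this part from a machine that is
# connected to the VPN, so the private-IP path goes through the gateway.
function Test-RdpPaths {
    param(
        [string]$PublicIp  = '3.4.5.6',   # masked example IP from the post
        [string]$PrivateIp = '10.0.6.5'
    )
    [pscustomobject]@{
        PublicIpRdp  = (Test-NetConnection -ComputerName $PublicIp  -Port 3389).TcpTestSucceeded
        PrivateIpRdp = (Test-NetConnection -ComputerName $PrivateIp -Port 3389).TcpTestSucceeded
    }
}

# Expected per the post: both true with the rule detached, PrivateIpRdp false with it attached.
Test-RdpPaths
```

To compare the "rule disabled" case, detach it with `Set-AzVirtualNetworkGatewayConnection -VirtualNetworkGatewayConnection $conn -EgressNatRule @()` and run `Test-RdpPaths` again; keeping both results side by side makes it easier to show a support engineer that only the private-IP path changes.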