?
Solved

Unable to access URL on Azure Windows VM from my on-premise subnet

Posted on 2016-10-04
12
Medium Priority
?
23 Views
Last Modified: 2016-10-29
I have a Web Server on Windows Server 2012 r2 on Microsoft Azure. My vendor built a a webpage that I need to access from my on-premise subnet. I created inbound security rule in the Network Security Group allowing my subnet connection to the server via HTTP/HTTPS and I can't connect using DNS name or IP address. When I enabled access to the same page from my vendors IP address, they can easily access it.

Also, I have a VPN tunnel between my Azure environment and my on-premise subnet.
I can easily connect via RDP, but can't over HTTP.

Any advise appreciated.
Thanks.
0
Comment
Question by:Lev Kaytsner
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
12 Comments
 
LVL 28

Expert Comment

by:Dan McFadden
ID: 41829426
Is your http traffic going thru your VPN tunnel?  If not, the network security group rule needs to know what your public IP address (or address range) is.

Dan
0
 

Author Comment

by:Lev Kaytsner
ID: 41829988
Thanks Dan,

My internet traffic is not going thru the VPN tunnel with Azure and I added our external IP address to  the network security group. It didn't help. I even added external IP block that belongs to my firewall outside interface.

But, I can access this server via private IP assigned to the server.
So I wonder if my VPN tunnel with Azure is messing this up.

Thanks,
Lev
0
 

Author Comment

by:Lev Kaytsner
ID: 41829993
When I do a tracert command to the IP I want to access, I can't even go past my internal router.
I am sure its unrelated, I can't tracert any IP from my workstation or any internal device.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 28

Expert Comment

by:Dan McFadden
ID: 41830011
Can you ping anything on the Azure side?

Dan
0
 

Author Comment

by:Lev Kaytsner
ID: 41830017
No. I don't think Azure allows ping commands.
0
 
LVL 28

Expert Comment

by:Dan McFadden
ID: 41830026
There are other way to verify connectivity.

Link:  https://blogs.msdn.microsoft.com/mast/2014/06/22/use-port-pings-instead-of-icmp-to-test-azure-vm-connectivity/

SysInternals:  https://technet.microsoft.com/en-us/sysinternals/psping
*** the utility mentioned in the first link.

Dan
0
 

Author Comment

by:Lev Kaytsner
ID: 41830033
Thanks, this is interesting. Let me try this.
Lev
0
 
LVL 28

Expert Comment

by:Dan McFadden
ID: 41857061
Any additional info on this question?

Dan
0
 

Accepted Solution

by:
Lev Kaytsner earned 0 total points
ID: 41857076
Hi,

I was actually able to solve it. The problem was in the way my VPN tunnel was set up between my local network and Azure. My public IP address that is advertised when we go online was part of the subnet that was added to the VPN and every time I wanted to get to the servers or URL's with Azure's public IP address, I was coming back to my local subnet since it was part of the VPN tunnel.

When I removed that subnet and only left my workstations subnet in the tunnel, I was able to access it.

In other words I was creating a loop instead of 2 way traffic.

Thanks for the follow up.
This is something to remember.
Lev
0
 
LVL 28

Assisted Solution

by:Dan McFadden
Dan McFadden earned 2000 total points
ID: 41857082
Glad to have helped.

Dan
0
 

Author Comment

by:Lev Kaytsner
ID: 41857087
Thank you Dan!
0
 

Author Closing Comment

by:Lev Kaytsner
ID: 41865052
With Dan McFadden's help I was able to look into the settings closer and find a solution.
0

Featured Post

Congratulations! You’re Certified – Now What?

Starting a new career can be overwhelming. Becoming certified in your field of expertise is a great start, but where do you go from here?  Here are some tips to help you on your career journey.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Optimized for private cloud infrastructures and datacenters, Nano Server is minimalistic, yet super-efficient, OS for services such as Hyper-V and Hyper-V cluster. Learn how you can easily deploy Nano Server and unlock its power!
Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question