• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 27
  • Last Modified:

Unable to access URL on Azure Windows VM from my on-premise subnet

I have a Web Server on Windows Server 2012 r2 on Microsoft Azure. My vendor built a a webpage that I need to access from my on-premise subnet. I created inbound security rule in the Network Security Group allowing my subnet connection to the server via HTTP/HTTPS and I can't connect using DNS name or IP address. When I enabled access to the same page from my vendors IP address, they can easily access it.

Also, I have a VPN tunnel between my Azure environment and my on-premise subnet.
I can easily connect via RDP, but can't over HTTP.

Any advise appreciated.
Thanks.
0
Lev Kaytsner
Asked:
Lev Kaytsner
  • 7
  • 5
2 Solutions
 
Dan McFaddenSystems EngineerCommented:
Is your http traffic going thru your VPN tunnel?  If not, the network security group rule needs to know what your public IP address (or address range) is.

Dan
0
 
Lev KaytsnerAuthor Commented:
Thanks Dan,

My internet traffic is not going thru the VPN tunnel with Azure and I added our external IP address to  the network security group. It didn't help. I even added external IP block that belongs to my firewall outside interface.

But, I can access this server via private IP assigned to the server.
So I wonder if my VPN tunnel with Azure is messing this up.

Thanks,
Lev
0
 
Lev KaytsnerAuthor Commented:
When I do a tracert command to the IP I want to access, I can't even go past my internal router.
I am sure its unrelated, I can't tracert any IP from my workstation or any internal device.
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
Dan McFaddenSystems EngineerCommented:
Can you ping anything on the Azure side?

Dan
0
 
Lev KaytsnerAuthor Commented:
No. I don't think Azure allows ping commands.
0
 
Dan McFaddenSystems EngineerCommented:
There are other way to verify connectivity.

Link:  https://blogs.msdn.microsoft.com/mast/2014/06/22/use-port-pings-instead-of-icmp-to-test-azure-vm-connectivity/

SysInternals:  https://technet.microsoft.com/en-us/sysinternals/psping
*** the utility mentioned in the first link.

Dan
0
 
Lev KaytsnerAuthor Commented:
Thanks, this is interesting. Let me try this.
Lev
0
 
Dan McFaddenSystems EngineerCommented:
Any additional info on this question?

Dan
0
 
Lev KaytsnerAuthor Commented:
Hi,

I was actually able to solve it. The problem was in the way my VPN tunnel was set up between my local network and Azure. My public IP address that is advertised when we go online was part of the subnet that was added to the VPN and every time I wanted to get to the servers or URL's with Azure's public IP address, I was coming back to my local subnet since it was part of the VPN tunnel.

When I removed that subnet and only left my workstations subnet in the tunnel, I was able to access it.

In other words I was creating a loop instead of 2 way traffic.

Thanks for the follow up.
This is something to remember.
Lev
0
 
Dan McFaddenSystems EngineerCommented:
Glad to have helped.

Dan
0
 
Lev KaytsnerAuthor Commented:
Thank you Dan!
0
 
Lev KaytsnerAuthor Commented:
With Dan McFadden's help I was able to look into the settings closer and find a solution.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

  • 7
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now