
How to access the Application gateway standard v2 ip in private using azure virtual network gateway?

I need to host my application for a limited trusted audience. I'm using application gateway standard v2 as my load balancer. I want to provide access to the application gateway to those who are connected to my VPN. I created a network security group and configured inbound rules to restrict public access to port 80. I'm also trying to open port 80 for my specific users. But I wasn't able to configure the source IP address range dynamically based on VPN users.

These are the things I have tried:

  1. I tried adding the VPN address pool as the NSG inbound rule source address
  2. I tried configuring the source tag as virtual network
  3. I tried configuring my VPN address pool range in my NSG (app gateway subnet)

But no luck. If I hardcode a specific public IP address, it works. I wasn't able to configure this for my VPN users.

Could anyone kindly advise me on this?

• I would suggest that you configure the whitelisting of the client IP address range in the Microsoft VPN gateway that you may have configured, as the application gateway that you are using is configured to be used as a load balancer and not as an IP filtering appliance. The application gateway has a private IP address assigned to it while the VPN gateway has a public IP address assigned to it, due to which the users connecting to the VPN gateway will be redirected internally to the application gateway and then to the application hosted behind it for better availability.

Please refer to the screenshot below for bypassing a set of client address pool through a VPN gateway:

[Screenshot: VPN gateway address pool]

Also, please check that the port ranges allowed or bypassed for the NSG of the application gateway can be filtered through it, since its purpose is specific to allowing or disallowing ports only. Thus, for the client address range to be allowed for a particular port in the NSG of the application gateway, ensure that the inbound port rules for the VPN gateway public IP address and the respective client IP address pool are also allowed for the respective port configured on the listener of the application gateway, i.e., 80 or 443.

But it is recommended that you configure them in the VPN gateway configuration.

[Screenshot: Application gateway NSG]

Please find the link below for reference regarding the application gateway:

https://docs.microsoft.com/en-us/azure/application-gateway/configuration-infrastructure#allow-access-to-a-few-source-ips
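
An added example, not part of the original answer: a minimal Python model of NSG inbound rule evaluation (lowest priority number first, first match wins) for checking which port 80 rule a given source address hits and whether an allow rule is shadowed by an earlier deny. The address pool, rule names, priorities and sample addresses are constructed, and the infrastructure rules Application Gateway v2 needs are left out of the model.

```python
import ipaddress

# Constructed sample values, not taken from the question.
VPN_POOL = "172.16.201.0/24"  # hypothetical VPN client address pool

# (priority, name, source CIDR or "*", (port_low, port_high), action)
RULES = [
    (200, "allow-vpn-clients-http", VPN_POOL, (80, 80), "Allow"),
    (300, "deny-other-http", "*", (80, 80), "Deny"),
]
# Same rules with the deny placed ahead of the allow (the failure mode).
MISORDERED = [
    (150, "deny-other-http", "*", (80, 80), "Deny"),
    (200, "allow-vpn-clients-http", VPN_POOL, (80, 80), "Allow"),
]


def covers(outer, inner):
    """True if source spec `outer` includes every address in `inner`."""
    if outer == "*":
        return True
    if inner == "*":
        return False
    return ipaddress.ip_network(inner).subnet_of(ipaddress.ip_network(outer))


def evaluate(rules, src_ip, dst_port):
    """Return (name, action) of the first custom rule that matches,
    or None when no custom rule matches and the NSG default rules decide."""
    src = ipaddress.ip_address(src_ip)
    for _, name, source, (lo, hi), action in sorted(rules):
        in_source = source == "*" or src in ipaddress.ip_network(source)
        if in_source and lo <= dst_port <= hi:
            return name, action
    return None


def shadowed(rules):
    """Names of rules that can never take effect because an earlier rule
    with the opposite action covers their whole source and port range."""
    ordered, hidden = sorted(rules), []
    for i, (_, name, source, (lo, hi), action) in enumerate(ordered):
        for _, _, e_src, (e_lo, e_hi), e_action in ordered[:i]:
            if (e_action != action and covers(e_src, source)
                    and e_lo <= lo and hi <= e_hi):
                hidden.append(name)
                break
    return hidden
```

The source passed to `evaluate` has to be the address the gateway subnet actually sees for the connection, which is the value to confirm in NSG flow logs when a rule does not match as expected.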
