Azure P2S VPN DNS resolution issue

Question

Hi All,

I have set up an Azure Point-to-Site (P2S) VPN using Entra ID authentication. I have routed all VPN traffic through Azure Firewall, and in the firewall, I have allowed the VPN address pool to access all VNet CIDR ranges. I am able to connect to the VPN and successfully use SSH and RDP to connect to virtual machines. However, I am unable to access the Azure Container application URL. The VNet is using the default Azure-provided DNS. I verified that the same application URL resolves to the internal IP address when accessed from a virtual machine within the VNet, but it does not resolve through the VPN.

I tried modifying the XML file to include the DNS entry 168.63.129.16, and I can see the DNS IP in the Azure VPN client. However, when checking using cmd or PowerShell, the DNS information is not visible.

Could you please guide me on how to fix this issue?

Thanks

Kruti

Answer 1

@krutibasa majhi ,

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

Please note that this is the expected behavior for P2S Clients

• You cannot use "168.63.129.16" IP for P2S Clients
• Any requests to 168.63.129.16 must originate from within the Virtual Network - but in your case it's originating from outside the VNET (P2S Address pool is not part of the VNET Address space)

If you'd like to provide name resolution for P2S Clients, consider using Azure DNS Private Resolver

• See : Azure Private Resolver for on-premises workloads
• 
• And add the Private resolver's Inbound EndPoint as custom DNS servers in the P2S Configuration file
• Also, make sure you include the appropriate DNS suffixes in the P2S Configuration file

Kindly let us know if this helps or you need further assistance on this issue.

Thanks,

Kapil

---

Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.