How to connect Private-Link resource to a VPN gateway?

Omer Cohen 0 Reputation points
2024-10-28T21:00:32+00:00

Greetings,
I would appreciate assistance with a design to a solution I would like to implement on Azure. Below I summarized all the information and approaches I tried.

  • Customer has a private endpoint on a "consumer" VNet, from which I would like to allow them to privately consume a service.
  • The private endpoint is to be connected to a private-link resource in a "producer-surrogate" VNet.
  • The aforementioned private-link resource will route traffic to a VPN gateway (also contained in the "producer-surrogate" VNet). Said VPN gateway is connected to a remote service VNet hosting the remote service.
  • I'm allowed to commit changes only to resources in the "producer-surrogate" VNet, i.e., the private endpoint on the "consumer" VNet is the only way for the consumer to consume.

Connected to the above private endpoint I've looked into:

  • A private link service, but those are not supporting a Standard Load Balancer with a backend pool configured by an IP address, hence it cannot be used to route traffic to a VPN gateway. I am aware that routing traffic to a VM, followed by a user defined route, directing traffic to the VPN gateway is possible, but I am not interested in a solution I would have to maintain and scale myself.
  • An application gateway connected to a standard Azure Firewall with forced tunneling (which is used to route traffic to the VPN gateway) should work, however, this seems to be an extremely high cost solution for a simple routing job.

I will appreciate your expertise in the matter, Thanks.

Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,592 questions
Azure Private Link
Azure Private Link
An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.
526 questions
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.