RDP via Azure VPN through Azure FW.

Zuuber 185 Reputation points
2024-12-14T22:36:11.7766667+00:00

Previously I connected to our AVD session hosts to perform admin work with a local admin account using local IP via Azure VPN Gateway, this worked fine.

We now have an Azure firewall setup as hub and spoke.

I still want to connect to the session hosts using local IP via the VPN, I've tried all combinations of firewall rules and I just can't get it to work.

vnet1
VPN GatewaySubnet 10.34.4.0/22

vnet2
Azure FW basic SKU

vnet3
avd-subnet 10.36.1.0/24

vnet1 and 3 are peered to vnet2.
I'm sure the peering options are correct, 'Allow gateway or route server in vnet1 to forward traffic to vnet2' and 'Enable vnet2 to use vnet1 remote gateway or route server' are ticked, also the usual allow traffic options are both ticked.
The VPN has a route advertised to 10.36.1.0/24.
I've temporarily removed the NSG attached to the AVD subnet to verify that's not blocking RDP.

I think it's the firewall rules I'm struggling with.

I can configure RDP using public IP through the firewall but I don't want that, I want to continue using the local IP and only accessible via VPN.

I presume it's network rules I need to configure but I've tried so many I'm going around in circles and none seem to work.

Any help would be appreciated.


Accepted answer
    Sai Prasanna Sinde 2,705 Reputation points Microsoft Vendor
    2024-12-16T02:16:50.1933333+00:00

    Hi @Zuuber

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.

    Issue: RDP via Azure VPN through Azure FW.

    Solution: The FW network rule had the incorrect source IP, I needed to add the 'VPN IP address' as source into the firewall and not the GW subnet range.

    Please don’t forget to close the thread by clicking "Accept answer" so that other community members facing the same issues can find the right answers.

    Your Contribution is highly appreciated.

    Thanks,

    Sai.

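To make the accepted fix concrete, here is an added illustration (not code from the thread or from Azure): a minimal Azure Firewall network-rule matcher that evaluates an RDP flow from a VPN client to a session host against the misconfigured rule (source = GatewaySubnet) and the corrected one (source = the address the VPN hands to the client). The GatewaySubnet and avd-subnet ranges come from the question; the VPN client pool 172.16.201.0/24 and the host/client addresses are constructed placeholders.

```python
"""Toy Azure Firewall network-rule matcher (illustration only, not Azure code).
Ranges from the thread: GatewaySubnet 10.34.4.0/22, avd-subnet 10.36.1.0/24.
The VPN client pool 172.16.201.0/24 is an assumed placeholder."""
import ipaddress
from dataclasses import dataclass

GATEWAY_SUBNET = "10.34.4.0/22"      # from the thread
AVD_SUBNET = "10.36.1.0/24"          # from the thread
VPN_CLIENT_POOL = "172.16.201.0/24"  # assumed P2S address pool (placeholder)


@dataclass
class NetworkRule:
    name: str
    sources: list        # CIDR strings
    destinations: list   # CIDR strings
    ports: set           # destination ports
    protocols: set       # e.g. {"TCP"} or {"Any"}


def _in_any(ip, cidrs):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def matching_rule(rules, src_ip, dst_ip, port, proto):
    """Return the name of the first matching Allow rule, or None.
    Azure Firewall denies traffic that matches no rule, so None means blocked."""
    for r in rules:
        if ((proto in r.protocols or "Any" in r.protocols)
                and port in r.ports
                and _in_any(src_ip, r.sources)
                and _in_any(dst_ip, r.destinations)):
            return r.name
    return None


# Misconfigured: the GatewaySubnet as source. A VPN client's packets keep the
# client's own pool address when the gateway forwards them into the hub, so
# this rule never matches RDP from the VPN.
WRONG_RULES = [NetworkRule("rdp-from-gw-subnet", [GATEWAY_SUBNET], [AVD_SUBNET], {3389}, {"TCP"})]
# Corrected: the VPN client address as source (the thread's 'VPN IP address').
FIXED_RULES = [NetworkRule("rdp-from-vpn-clients", [VPN_CLIENT_POOL], [AVD_SUBNET], {3389}, {"TCP"})]


def check_rdp(rules, client_ip="172.16.201.10", host_ip="10.36.1.20"):
    """Simulate an RDP (TCP/3389) flow from a VPN client to a session host."""
    return matching_rule(rules, client_ip, host_ip, 3389, "TCP")


if __name__ == "__main__":
    print("gateway-subnet rule:", check_rdp(WRONG_RULES))  # None (denied)
    print("vpn-client rule:   ", check_rdp(FIXED_RULES))   # rdp-from-vpn-clients
```

Swap in your own address pool and rule collection to confirm a rule actually covers the source address the firewall will see before changing NSGs or peering settings.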
