Things to remember in Azure Networking
You should not directly access a Virtual Machine placed in a harmonized VNET instead, it has to be accessed via a Bastion instance which is secure & is the recommended method.
You should not directly access a Virtual Machine placed in a harmonized VNET instead, it has to be accessed via a Bastion instance which is secure & is the recommended method.
When connecting a VM from Bastion-instance the VM will only have internet access if a NAT-Gateway is attached to the VNET of the Virtual Machine or if a public IP is assigned to it.
But, if you are unable to access the Internet even after setting up NAT-Gateway -start troubleshooting based on the possible scenarios
As depicted above, consider you have set up a NAT Gateway under the vnet test-vnet-uksouth-00a5cfe as shown above,
you are using both the single IP and IP prefix/31 under the NAT Gateway configuration.
Even after the NAT Gateway configuration, you cannot access the internet from your VM client-machine.
This could be possible because - The subnet test-sn-0 under the vnet might have a route table applied test-sn-0-uksouth-rt.
And the route table might have a route entry with 0.0.0.0/0 and the next hop is virtual appliance 10.x.x.4.
Because of this route, the NAT Gateways' default route is not getting preference over your custom route table,
Once we remove the 0.0.0.0/0 from under the route table test-sn-0-uksouth-rt, your VM will be able to access the internet.
Regarding the SSH access to the VM, note that NAT Gateway is for outbound traffic requests and its return traffic. Kindly refer- https://learn.microsoft.com/en-us/azure/virtual-network/nat-gateway/nat-gateway-resource#coexistence-of-outbound-and-inbound-connectivity
No comments:
Post a Comment