I have the following issue. I have an Azure virtual network with a load balancer and 2 VMs. They all have internal IPs, obviously (e.g. 10.0.0.1). I have an Azure Point-to-Site VPN set up to connect to my virtual network. Now a third party wants to connect to the SQL instance on the VM via the Azure P2S VPN, but if I give them access using the same VPN as me, they also get all the internal IPs (of the other VMs). This blocks their own use of those IPs, since they might already have their own use for 10.0.0.1 in their network.
They want to use a specific IP address, and only connect to that, and not implicitly conflict with my Azure virtual network IPs that they might be using themselves. How can I provide access via VPN without including my own internal IPs?
I thought about creating a second virtual network + second VPN, and using vnet-to-vnet, but I'm not sure if this will work.
I thought about creating a second virtual network + second VPN, and using vnet-to-vnet, but I'm not sure if this will work.
No, Azure does not support this.
They want to use a specific IP address, and only connect to that, and not implicitly conflict with my Azure virtual network IPs that they might be using themselves.
In Azure, when we deploy a VPN, we should make sure the address spaces you specify don't overlap any of the address spaces that you have on your on-premises network.
How can I provide access via VPN without including my own internal IPs?
In your scenario, I think we can create a Windows VM and deploy it as an RRAS server, so we can connect to Azure via an RRAS VPN. In this way, we can define the "Static address pool" for the clients, and the address space you specify will not overlap any of the address spaces that you have on your on-premises network. (This only works for Windows.)
If you want to use Linux to connect to Azure, I think we can try to use some software VPN.
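Added example (not the answerer's code, and not taken from any Azure documentation): PowerShell that sets up the RRAS static address pool described in the answer, and then adds the Azure-side pieces the pool alone does not give you. The pool only decides which address the third party's client receives; it does not stop that client from reaching every VM in the VNet once connected. An NSG rule that allows the pool to reach only the SQL VM on TCP 1433, plus a user-defined route so Azure returns pool traffic to the RRAS VM, is what actually confines them. Every name and address below is an assumption for illustration: the pool 172.16.200.0/24, the SQL VM at 10.0.0.4, the RRAS VM at 10.0.0.10, and the resource group, VNet, subnet, NIC and NSG names.

```powershell
# Added example: RRAS VPN on a Windows VM with a non-overlapping static address pool,
# plus Azure routing and NSG rules that limit the third party to one VM and one port.
# All names and addresses are assumptions, not values from the original post.

# --- Part 1: run on the Windows VM that will become the RRAS server ---
# Pool handed to third-party VPN clients. It must not overlap the VNet address
# space (assumed 10.0.0.0/16) or the third party's own network; agree it with them.
$PoolStart = '172.16.200.10'
$PoolEnd   = '172.16.200.250'

Install-WindowsFeature RemoteAccess, DirectAccess-VPN, Routing -IncludeManagementTools
Install-RemoteAccess -VpnType Vpn        # VPN-only deployment, no DirectAccess

# Assign client addresses from the static pool rather than from the VNet's DHCP,
# so a client never receives an address that collides with a VNet address.
Set-VpnIPAddressAssignment -IPAssignmentMethod StaticPool -IPAddressRange @($PoolStart, $PoolEnd)
Restart-Service RemoteAccess

# --- Part 2: run from a workstation with the Az module and a signed-in context ---
$Rg       = 'rg-vnet-prod'      # assumed resource group
$VnetName = 'vnet-prod'         # assumed VNet
$Subnet   = 'subnet-vms'        # assumed subnet holding the RRAS and SQL VMs
$RrasNic  = 'vm-rras-nic'       # assumed NIC name of the RRAS VM
$RrasIp   = '10.0.0.10'         # assumed private IP of the RRAS VM
$SqlIp    = '10.0.0.4'          # assumed private IP of the SQL VM
$PoolCidr = '172.16.200.0/24'   # CIDR that covers the pool above
$NsgName  = 'nsg-vms'           # assumed NSG associated with the subnet

# The RRAS VM routes between the VPN clients and the VNet. Azure drops forwarded
# packets unless IP forwarding is enabled on the NIC, and it does not learn RRAS
# routes, so the subnet needs a UDR sending the pool back to the RRAS VM.
$nic = Get-AzNetworkInterface -Name $RrasNic -ResourceGroupName $Rg
$nic.EnableIPForwarding = $true
Set-AzNetworkInterface -NetworkInterface $nic | Out-Null

$location = (Get-AzResourceGroup -Name $Rg).Location
$rt = New-AzRouteTable -Name 'rt-vpn-pool' -ResourceGroupName $Rg -Location $location
Add-AzRouteConfig -RouteTable $rt -Name 'to-vpn-pool' -AddressPrefix $PoolCidr `
    -NextHopType VirtualAppliance -NextHopIpAddress $RrasIp | Out-Null
Set-AzRouteTable -RouteTable $rt | Out-Null

$vnet = Get-AzVirtualNetwork -Name $VnetName -ResourceGroupName $Rg
$sn   = Get-AzVirtualNetworkSubnetConfig -Name $Subnet -VirtualNetwork $vnet
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $Subnet `
    -AddressPrefix $sn.AddressPrefix -RouteTable $rt | Out-Null
Set-AzVirtualNetwork -VirtualNetwork $vnet | Out-Null

# The pool does not restrict what a connected client can reach; the NSG does.
# Allow TCP 1433 from the pool to the SQL VM only, then deny everything else from
# the pool. Both rules sit ahead of the default AllowVnetInBound (priority 65000).
$nsg = Get-AzNetworkSecurityGroup -Name $NsgName -ResourceGroupName $Rg
Add-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg -Name 'allow-thirdparty-sql' `
    -Priority 100 -Direction Inbound -Access Allow -Protocol Tcp `
    -SourceAddressPrefix $PoolCidr -SourcePortRange '*' `
    -DestinationAddressPrefix $SqlIp -DestinationPortRange 1433 | Out-Null
Add-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg -Name 'deny-thirdparty-rest' `
    -Priority 110 -Direction Inbound -Access Deny -Protocol '*' `
    -SourceAddressPrefix $PoolCidr -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange '*' | Out-Null
Set-AzNetworkSecurityGroup -NetworkSecurityGroup $nsg | Out-Null
```

Two things to check after applying this. First, the deny rule works only if RRAS routes rather than NATs the client traffic, so the SQL VM sees the 172.16.200.x source address; if you later enable NAT on the RRAS server, the NSG rules must match the RRAS VM's own address instead. Second, the third party still has to configure their client as a split tunnel with a single route to the SQL VM's address (a /32) rather than "use default gateway on remote network", otherwise all their traffic will be sent through the tunnel even though the NSG will drop everything except SQL. Authentication for the RRAS endpoint (IKEv2 with certificates rather than password-based MS-CHAPv2) is a separate decision not shown here.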