Azure: How to give a VM a NAT address and make the VM only accessible from specific IP addresses?

I am new to Azure, and I just finished creating my first VM. Now I want to give the VM a private IP address (10.0.0.200), and make the VM only accessible from specific public IP addresses. I want the virtual network to be an extension of our private network which is 10.0.0.X, 255.255.254, 10.0.0.1.

I read these two articles, "Configure a private IP address for a VM using the Azure portal" and "What is Virtual Network NAT?", but I am only able to connect to the VM via RDP using a public IP address. When I do ipconfig from the VM it shows the IP address as 10.0.0.200.

Or is it best to make the entire virtual network private?

Thanks!


Solution 1:

When you deploy a virtual machine it automatically gets a private IP address; by default this will be allocated automatically from the range of your virtual network. You can assign a static private IP to give it the IP you want, but only if the address range configured in your virtual network includes this.

However, even if you do get that IP assigned, you are not going to be able to connect to it over private IP from your on-premises network. To do this you would need to integrate your on-premises network with the Azure network using either a VPN or ExpressRoute. You would also need to ensure there are no overlapping IP ranges.

In your current configuration with no direct connectivity between on-prem and Azure you have two options to access the VM:

  1. Give it an external IP and RDP to it over that. You can lock down which external IP addresses have access through your Network Security Group in Azure.
  2. Leave it with just a private IP and use Azure Bastion to connect to the VM.
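
To check that a Network Security Group really limits RDP to the intended public addresses (option 1 above), the following added example, which is not part of the original answer, models inbound NSG evaluation: rules are tried in ascending priority number and the first match decides. The rule sets, rule names and documentation-range addresses are constructed, the dictionary layout is an assumption rather than an Azure export format, and service tags and the built-in VNet and load-balancer allow rules are left out because only public source addresses are tested.

```python
import ipaddress

# Constructed sample rules (not from the page). 203.0.113.10 and
# 198.51.100.0/24 are documentation addresses standing in for the
# public IPs that should be allowed to reach RDP.
LOCKED_DOWN = [
    {"name": "AllowRdpFromOffice", "priority": 100, "access": "Allow",
     "protocol": "Tcp", "sources": ["203.0.113.10", "198.51.100.0/24"],
     "ports": ["3389"]},
]
# Weak counterpart: RDP allowed from any source address.
WIDE_OPEN = [
    {"name": "AllowRdpAny", "priority": 300, "access": "Allow",
     "protocol": "Tcp", "sources": ["*"], "ports": ["3389"]},
]
# Built-in lowest-priority inbound rule present in every NSG.
DEFAULT_DENY = {"name": "DenyAllInBound", "priority": 65500, "access": "Deny",
                "protocol": "*", "sources": ["*"], "ports": ["*"]}


def _source_matches(prefix, ip):
    if prefix == "*":
        return True
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(prefix, strict=False)
    except ValueError:  # service tags and other non-CIDR values are not modelled
        return False


def _port_matches(spec, port):
    if spec == "*":
        return True
    low, _, high = spec.partition("-")  # "3389" or a range such as "3000-4000"
    return int(low) <= port <= int(high or low)


def evaluate_inbound(rules, src_ip, port, protocol="Tcp"):
    """Return (access, rule_name) for the first rule that matches the flow."""
    for rule in sorted(rules + [DEFAULT_DENY], key=lambda r: r["priority"]):
        if (rule["protocol"] in ("*", protocol)
                and any(_port_matches(p, port) for p in rule["ports"])
                and any(_source_matches(s, src_ip) for s in rule["sources"])):
            return rule["access"], rule["name"]


if __name__ == "__main__":
    for label, rules in (("locked down", LOCKED_DOWN), ("wide open", WIDE_OPEN)):
        for src in ("203.0.113.10", "192.0.2.50"):
            print(label, src, evaluate_inbound(rules, src, 3389))
```
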