Security for peered VNETS with internal load balancer

有些话、适合烂在心里 submitted on 2019-12-13 03:46:59

Question

I have two VNETS (VNET1 and VNET2). VNET1 allows many site-to-site and point-to-site connections. VNET2 contains an internal load balancer and a set of VMs for the back-end pool of that load balancer. I have successfully set up peering with the help of another post listed below, which allows all on-premises clients in VNET1 to access the internal load balancer in VNET2, but it also allows them to access the VMs in VNET2, which I want to avoid.

Accessing resources from connected Azure VNETS via VPN

I'm trying to limit on-premises clients connected to VNET1 so they can only see the internal load balancer on VNET2 (not the VMs in the back-end pool). I saw a similar question below, but that involved two public load balancers, so I'm not sure it's applicable here since I'm using an internal load balancer.

Azure Vnet peering with public IP load balancer

I've tried setting up an NSG on the subnet where the VMs reside by creating the following rules.

  1. Rule1: Allow LoadBalancer IP to VM subnet (back-end VM pool).
  2. Rule2: Deny all other VnetInBound traffic (this overrides the default AllowVnetInBound).

The above rules prevent VNET1 from seeing anything in VNET2, but they also prevent sending to the load balancer for some reason.

Anyone have any ideas on how this configuration could be implemented?

Source: https://stackoverflow.com/questions/50865566/security-for-peered-vnets-with-internal-load-balancer
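The following is an added illustration, not part of the original question or an answer to it. It simulates first-match NSG inbound evaluation on a back-end VM with the two rules described above, using documented Azure behaviour (Azure Load Balancer is pass-through and preserves the client's source IP; the AzureLoadBalancer service tag covers only the platform health-probe source 168.63.129.16; default inbound rules are AllowVnetInBound 65000, AllowAzureLoadBalancerInBound 65001, DenyAllInBound 65500). All address ranges are constructed sample values.

```python
"""Simulate NSG inbound evaluation for a VM behind an Azure internal load balancer.

Added example (not from the question). Shows why "allow the load balancer, deny
the rest of the VNET" also drops client traffic that arrives via the ILB.
"""
from ipaddress import ip_address, ip_network

# Constructed sample addressing (assumption, not from the question).
VNET1 = ip_network("10.1.0.0/16")           # peered VNET hosting the VPN gateways
ONPREM = ip_network("192.168.0.0/16")       # site-to-site client range behind VNET1
VNET2_VM_SUBNET = ip_network("10.2.1.0/24") # back-end pool subnet in VNET2

# Service tags as the NSG expands them. VirtualNetwork covers the VNET, its
# peers and connected on-premises space; AzureLoadBalancer is the probe source.
TAGS = {
    "VirtualNetwork": [VNET1, VNET2_VM_SUBNET, ONPREM],
    "AzureLoadBalancer": [ip_network("168.63.129.16/32")],
    "*": [ip_network("0.0.0.0/0")],
}

def matches(prefix, addr):
    nets = TAGS.get(prefix) or [ip_network(prefix)]
    return any(addr in n for n in nets)

def evaluate(rules, src, dst):
    """Return (rule name, access) of the first rule that matches, lowest priority first."""
    for _prio, name, source, dest, access in sorted(rules):
        if matches(source, ip_address(src)) and matches(dest, ip_address(dst)):
            return name, access
    raise AssertionError("DenyAllInBound should always match")

DEFAULT_RULES = [
    (65000, "AllowVnetInBound", "VirtualNetwork", "VirtualNetwork", "Allow"),
    (65001, "AllowAzureLoadBalancerInBound", "AzureLoadBalancer", "*", "Allow"),
    (65500, "DenyAllInBound", "*", "*", "Deny"),
]

# The two custom rules from the question, with Rule1 expressed via the service tag.
QUESTION_RULES = [
    (100, "Rule1-AllowLB", "AzureLoadBalancer", str(VNET2_VM_SUBNET), "Allow"),
    (200, "Rule2-DenyVnet", "VirtualNetwork", "VirtualNetwork", "Deny"),
] + DEFAULT_RULES

def client_via_ilb(client_ip, backend_vm_ip):
    """What the back-end NIC's NSG sees when a client hits the ILB frontend:
    the LB does not SNAT, so the source is still the client and the destination
    is the chosen back-end VM. This is indistinguishable from a direct hit."""
    return evaluate(QUESTION_RULES, client_ip, backend_vm_ip)
```

Only the health probe passes Rule1; on-premises clients, whether they came through the ILB or straight to a VM, are caught by Rule2, which is the symptom described in the question.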
