How to connect an Azure App Service to a VPN without a shared key

Time:01-11

I'm currently trying to connect my backend, hosted in Azure as an App Service, to our company's VPN by following this tutorial.

The issue I am running into right now is that I need a shared key to connect the virtual local gateway and the virtual gateway. Because of a company policy, this is not possible. I have to use either a certificate or username/password.

Is this possible? In what direction should I go for this?

CodePudding user response:

One of a few ways you can achieve this is to use an Azure Virtual Network (VNet) and a VPN Gateway. The VPN Gateway acts as the endpoint on the Azure side of the VPN connection, and you can configure it to use a pre-shared key (PSK) or certificate-based authentication. The Azure App Service can then be deployed within the VNet, which will allow it to communicate with resources on the other side of the VPN connection.

Another option is to use Azure ExpressRoute. ExpressRoute allows you to create a dedicated, private connection between your on-premises infrastructure and Azure. You can use ExpressRoute to connect to an Azure App Service without the need for a VPN or shared key. ExpressRoute uses an Azure Gateway, and you can configure it to use certificate-based authentication.

Another approach is to use Azure Application Gateway, which can act as a reverse proxy and can encrypt/decrypt traffic between the App Service and the VPN.

Finally, you can also use Azure Active Directory Authentication, which allows you to authenticate and authorize your App Service users based on their on-premises identities, which eliminates the need to share keys or secrets.

CodePudding user response:

I tried to reproduce the same in my environment like below:

I created a virtual network gateway like below:

And created a local network gateway like below:

In the connection, as per MsDoc, you can use only pre-shared key authentication in a site-to-site VPN connection.

You can use a pre-shared key; it will be used for authentication and encryption of the VPN connection, and the same pre-shared key must be used in both the virtual network gateway and the local network gateway.

Based on your requirement, it is not feasible to use username and password or a certificate to connect to the Azure App Service.
