Search code examples
azureazure-web-app-serviceazure-virtual-networkazure-app-service-plansvnet

How to route traffic from my Azure App Service to specific external IP address

I'm trying to follow along with the guide found here: https://learn.microsoft.com/en-us/azure/app-service-web/web-sites-integrate-with-vnet

I have tried both connecting to an existing VNET and setting up a new VNET, but the results are the same.

I have an existing VNET that connects to an external partner service. When I connect a VM to the VNET, I am able to telnet into the external partner's IP:port. When I connect the azure app service to that same VNET, I am unable to get the traffic to route to that external partner service.

From the guide, it looks like I should be able to just add IP address range to the App Service Plan's Networking configuration as seen in this image from the linked article.

IP Addresses routed to VNET include text boxes

When I go into my App Service Plan's Networking configuration, I have no option to add more IP addresses.

My App Service Plan's Networking configuration

When I look at the App Service directly (not the plan), I see that there are some default routes (not sure where those come from).

App Service Plan network configuration

I tried adding a User Defined Route to the route table associated with the subnet, but that did not appear in the IP Addresses Routed To VNET.

The address range listed in the Site-to-Site address space is the range that I need forwarded.

Solution

  • So, while the article shows that you can add routes via the portal seen in the first image of the question, that functionality does not exist. To add a route, you have to use the resource explorer and edit the service plan.

    Resource explorer

    From here, it will open the explorer to the app service plan selected. Find the virtualNetworkConnections node and open it. Inside you'll see a Routes node. Pick routes.

    Virtual Network Connections

    Enable Read/Write capability in the top bar.

    Enable Read/Write

    Copy an existing route from the list if there is one to pick up the default values, then pick create option to add a new route.

    Create route

    Paste the existing route and update appropriate fields or fill in from scratch. Here is an example...

    {
  "id": "/subscriptions/<subid>/resourceGroups/<RG name>/providers/Microsoft.Web/serverFarms/<service plan name>/virtualNetworkConnections/<vnet name>/routes/<route name>",
  "name": "<route name>",
  "type": "Microsoft.Web/serverfarms/virtualNetworkConnections/routes",
  "location": "<location, eg East US 2>",
  "properties": {
    "name": "<route name>",
    "startAddress": "<start address>",
    "endAddress": "<end address>",
    "routeType": "DEFAULT",
    "denyRoute": false
  }
}

    If you had an existing route, you should only need to change the <route name>, <start address>, and <end address>.

    The {Resource Name} field should be populated with same value as in the template. After filled in, select PUT. The new route will now be available.

    Put Route