This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 43%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
I have a virtual machine running in azure which i have recently added a second public ip to. Both the primary and secondary ip are associated to one nic on the vm. I would like to create seperate inbound rules per public ip however, as it appears any rule i make to one public ip, copies to the other. The reason to split up is because an external source ip will be communicating with both of the public ip's dependant on a service, can anyone share if its feasible to split out rules?9
Hi Andrew,
When you create your NSG rule, have you tried to set the "destination" IP to the specific public IP you are targeting?
If this doesn't work at the NIC level, try to apply it at the subnet level (NSG).
Cheers,
Stephane
Hi Stephane
Thanks for the quick reply
At present I have a rule set from the specific source ip set to ‘any’. Because I now have 2 public ip’s, both of which need to accept traffic from this source ip, my understanding is if I set a specific destination IP, then this would force all traffic from the source to this specific IP each time as it copies the same rule to both public ip’s. If I was able to input separate rules per public ip without them copying to each other, I could route the traffic based on which public ip traffic came in on.
Unsure on the subnet section you mention, the rules only seem to be applied within the nic setttings?
Hey Andrew,
Just setting this up in my lab to get some testing, but two questions came to mind:
So, I think the best way to achieve this would be to: - Assign two private IPs on the NIC, with a separate public IP associated with each private IP (see first screenshot below). - From there, you can create your NSG rules targeting the private IP in the destination. What ports or sources won't matter because you are targeting destination IP (see second screenshot with an example of NSG) In the NSG example below, any source would be able to access HTTPS on each IPs separately. You can change these rules with other ports or specific IPs in the sources. Note that the NSGs does not "direct" traffic, but instead allow or block traffic based on a set of conditions that are evaluated sequentially. The traffic is directed to one interface or the other based on the NAT used with the associated public IP address. IP Configuration example ![8791-nsg1.png][1] NSG rules example ![8763-nsg2.png][2] [1]: /api/attachments/8791-nsg1.png?platform=QnA [2]: /api/attachments/8763-nsg2.png?platform=QnA