Integrating App Service with NAT gateway to get static outbound IP

vamsi krishna 1 Reputation point
2021-03-30T10:43:11.563+00:00

1-firstly I integrate VNET with APP service
2-to route traffic to VNet, I add WEBSITE_VNET_ROUTE_ALL with value 1 in App service settings.
3-I created NATgateway and attached it to the subnet
4-I also create a route and attached it to the subnet in that route I gave the address prefix as VNET address space and Next hop type I select virtual appliance and in Next hop address I add NAT gateway public IP

note: I used the below link for reference
https://sakaldeep.com.np/1159/azure-nat-gateway-and-web-app-vnet-integration-to-get-static-outbound-ip

after doing all above steps and I checked with below command I did.nt get NAT gateway IP as result.
az webapp show --resource-group <group_name> --name <app_name> --query outboundIpAddresses --output tsv

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
6,868 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andriy Bilous 10,901 Reputation points MVP
    2021-03-30T11:56:06.96+00:00

    Hello @vamsi krishna
    Using command az webapp show --resource-group <group_name> --name <app_name> --query outboundIpAddresses --output tsv you will only see the list of WebApp global outbound Ip addresses.
    When you are connecting WebApp to VNET, VNET traffic is already NATed with last IP address from the subnet range.
    For example WebApp is connected to VNET with subnet 10.0.0.0/24, so IP address of your WebApp will be 10.0.0.253

    You can check WebApp outbound IP by making a request to WebApp in browser and see IP address of the response in Browser Console

    0 comments
  2. Sakaldeep Yadav 161 Reputation points MVP
    2021-04-08T21:25:00.753+00:00

    HI @vamsi krishna ,

    Use below link
    https://sakaldeep.com.np/1193/azure-web-app-nat-gateway-and-vnet-integration-to-get-static-outbound-ip

    There are few catch like

    1. The feature requires an unused subnet that's a /28 or larger in an Azure Resource Manager VNet.
    2. App Service plan should be Standard or higher.
    3. There is no need to create Route.

    To test it,

    1. Create two apps like an API and a landing website.
    2. Call API to the landing website.
    3. The landing website will get a response from API using NAT Gateway IP as an outbound IP.

    Please let me know if it works for you. Happy to troubleshoot with you if it didn't work for you.

    0 comments