How to Access Azure SQL on my Local Machine Using Point to Site VPN?

Muhammad Shafqat 0 Reputation points
2024-04-03T07:48:29.43+00:00

Hello!

I am looking for help to access my Azure SQL more securely on my local machine using Point to Site VPN. I configured the Point to Site VPN, Azure Private Link, and Private DNS Resolver, but I'm not getting the exact answer. Please help me by teaching the procedure for how to access Azure SQL on my local machine using Point to Site VPN.

Azure SQL Database
Azure VPN Gateway
Azure Private Link

1 answer

  1. Amira Bedhiafi 15,521 Reputation points
    2024-04-03T08:05:43.6066667+00:00

    Based on this old thread:

    First you need to Configure the Azure VPN Client - Azure AD authentication - Windows

    Then:

    1. Navigate to "Firewalls and virtual networks" of your SQL server and make sure to set "Deny public network access" to yes.
    2. Create an Azure private endpoint. It will create an endpoint for the SQL server within your virtual network, and it will be assigned a private IP from within the subnet's IP range. You will use this private IP to connect to the SQL server.
    3. On your local machine, make sure you're connected to the VPN and open SQL Server Management Studio:
        • Under "Server name", enter the private IP address of the Azure private endpoint created in step 2.
        • Under the "Login" field, enter the username in the format "username@public_sql_server_name" (e.g. admin@my-sql-server.database.windows.net). For the password, just enter your password.
        • The last thing to do is to click on "Options" and navigate to "Connection properties". Make sure to check "Encrypt connection" and "Trust server certificate". This is required as the server's certificate is issued to "my-sql-server.database.windows.net" and you're accessing it via the private IP. If this wasn't checked, Management Studio wouldn't trust the server's certificate and would refuse the connection.
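
An added check, not part of the answer above: since the certificate is issued to the server's `database.windows.net` name, this PowerShell script verifies from the VPN-connected machine that the name resolves to a private address (for example through the Private DNS Resolver mentioned in the question), so the connection can keep certificate validation on. The server name is the placeholder from the answer, and the `privatelink.database.windows.net` zone is the standard private DNS zone for Azure SQL private endpoints.

```powershell
# Added example, not from the original thread. $ServerFqdn is a placeholder (assumption).
param(
    [string]$ServerFqdn = 'my-sql-server.database.windows.net',
    [int]$Port = 1433
)

function Test-PrivateIPv4 {
    # True only for RFC 1918 IPv4 addresses (10/8, 172.16/12, 192.168/16).
    param([Parameter(Mandatory)][string]$Address)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $false }
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return $false }
    $b = $ip.GetAddressBytes()
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

# 1. Resolve the public name with the DNS servers the VPN client is actually using.
$records   = Resolve-DnsName -Name $ServerFqdn -Type A -ErrorAction Stop
$cnames    = @($records | Where-Object { $_.Type -eq 'CNAME' } | ForEach-Object { $_.NameHost })
$addresses = @($records | Where-Object { $_.Type -eq 'A' }     | ForEach-Object { $_.IPAddress })

# 2. The name should chain through the privatelink zone and end at a private address.
$viaPrivateLink = @($cnames | Where-Object { $_ -like '*.privatelink.database.windows.net' }).Count -gt 0
$publicAnswers  = @($addresses | Where-Object { -not (Test-PrivateIPv4 -Address $_) })

if ($addresses.Count -eq 0 -or $publicAnswers.Count -gt 0) {
    Write-Warning "$ServerFqdn does not resolve to a private IP (got: $($addresses -join ', '))."
    Write-Warning 'Check which DNS server the VPN client uses and that the privatelink zone is linked to the virtual network.'
    return
}

# 3. Confirm the SQL port is reachable through the tunnel.
$tcp = Test-NetConnection -ComputerName $ServerFqdn -Port $Port -WarningAction SilentlyContinue

[pscustomobject]@{
    Server          = $ServerFqdn
    PrivateLinkName = $viaPrivateLink
    ResolvedTo      = $addresses -join ', '
    TcpReachable    = $tcp.TcpTestSucceeded
    # With name resolution working, the hostname matches the certificate,
    # so server certificate validation can stay enabled.
    ConnectionHint  = "Server=tcp:$ServerFqdn,$Port;Encrypt=True;TrustServerCertificate=False;"
}
```

If the script warns that the name resolves to a public address, the client is still using public DNS and the private endpoint's DNS record is not reaching it.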