question

MarceloFerrari-9822 asked

Restriction of access to P2S resources - Azure Gateway

Today I have a hub-and-spoke topology, and access to resources is through a P2S VPN (OpenVPN) using the Azure Gateway.
I need to make access available to the Development team while restricting access to other resources that I have on the same virtual network. Can you tell me if it is possible?

azure-vpn-gateway

SaiKishor-MSFT answered

@MarceloFerrari-9822

Thank you for reaching out to Microsoft Q&A. Do your clients use a specific OS and client software for client VPN? You could implement this setup using P2S with Azure AD Auth with Conditional Access. However, as of today, P2S + Azure AD auth is supported for Windows clients only, using the "Azure VPN Client" application (relying on OpenVPN).

For all other OSes and VPN clients, this is not possible at this time, but you can upvote this similar request in the Azure Feedback Channel: https://feedback.azure.com/forums/217313-networking/suggestions/13073538-possibility-of-restrict-point-to-site-vpn-access-t

Please let us know if you have any further questions and we will be glad to assist you further. Thank you!

Remember:

Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

Want a reminder to come back and check responses? Here is how to subscribe to a notification.



MarceloFerrari-9822 answered

I apologize for the delayed response.

I currently have an infrastructure containing 3 Spoke networks and a Hub, with peering created between them.

The P2S connection is made on the Hub network, where after connecting I have access to all our servers on the Spoke networks. With the growth of the team of developers, some need to access specific resources, for example the database we have.

Some developers use Windows and others Linux. Is there a safe way to restrict access to the resource only through P2S / OpenVPN?


Thanks


MarceloFerrari-9822 answered

I thought of creating another VPN gateway specifically for connection by the DEV team and controlling permissions by NSG.

I don't know if peering works with this new gateway, since it is already in use with the other one.
