Azure - Site to Site VPN for Azure PaaS service

Question

Hello Experts,

I have a site to site VPN connecting to IaaS on Azure. Can I use the same to connect to Azure PaaS service like Azure SQL Database?

What changes I need to make on my Site to Site VPN to connect to PaaS services like Azure SQL Database, Web App?

What changes I need to make on my Site to Site VPN to connect to SaaS services like Office 365?

Please advice

---

Regards, AzureBeginner

Answer 1

Hi,

VNet Service Endpoints are Generally Available now for SQL Server. So you can access your SQL PaaS service from your Azure vNet.

If your Site-to-Site VPN is up and routes are announced on both sides, then your Service Endpoint will be accessible from both Azure and the other side of the Site-to-Site VPN. However, for access from your on-premises network, you will need to use NAT to access the service.

More information about the connection from within the vNet and from the on-premises network can be found here: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview#securing-azure-services-to-virtual-networks

Office 365 endpoints change from time to time. Sometimes addesses disappear, and new ones come online. There are various ways to get notified. This can be read here: https://docs.microsoft.com/en-us/office365/enterprise/managing-office-365-endpoints. Using this information you can optimize the network flow from and to Office 365.

Office 365 traffic always uses public IP's, and do not have an endpoint within the vNet.

Kind regards,

Christof Van Geendertaelen

Answer 2

Thanks Christoff.

Thanks. Can I use the same Site to Site VPN to connect to other PaaS services like Azure App or AKS?

What changes I need to make at Site to Site VPN end on-premise to connect to AKS?

What is the max Mb speed I can get with Site to Site VPN?

---

Regards, AzureBeginner