We are moving offices in a few months and we will have a 2 week period where all staff (15) are working form home or shared offices.
Our firewall and VPN hardware we have won’t be running during this period but have a number of services with static ip whitelists.
So I was thinking is it possible to use Azure VPN Gateway somehow to allow users to connect and get a static IP? Or is this not how it works?
What do you mean m? You have on prem resources that users need to connect to but you won’t have the VPN concentrator running? You can use the VPN and local network gateway to connect your on prem environment to Azure but you’d still need the VPN concentrator.
Sorry didn’t explain it clear maybe.
We will not have any on prem setup for 2 weeks, we are mainly cloud apart from network equipment so not a big issue. But we have web apps that require us to sign on from static whitelisted IPs (currently our 2 WAN IPs are used).
All our users don’t have static IPs at home and updating daily is a pain, so I want a method we can have a virtual network with a static IP. Not sure if this is possible in Azure VPN?
HI,
you have to configure a point to site azure VPN gateway, than it is important that your vpn client routing sends all traffic to the vpn gateway. With this setup you can configure a “NAT Gateway” for the vpn client subnet, so the traffic to the internet is using a static public IP.
https://medium.com/marcus-tee-anytime/network-outbound-for-azure-ways-to-get-static-outbound-ip-address-304cec44d910
Are the web apps in Azure as well? If so you can create a VPN that can connect users to the network and allow them to have an IP in your Vnet’s IP range. Then you can open up the web app to that IP range so that all of the users can connect. I don’t think you can static the users IP address though but it wouldn’t matter if you’re limiting access to a subnet to vnet ip range.
Thanks sounds promising il have a read through and test
No this is the thing it’s more SaaS than our own Web apps in Azure.
Worst case is we get a static ip at someone’s home and setup firewall there for few weeks but not ideal at all.