1

We have a simple php website which needs to connect to a 3rd party API, and that third party requires a point to point IPSEC VPN.

Azure has an ipsec gateway product for this, but how does one use it with a web app?

There are 3 categories of web app: Dev, Production and isolated.

CAn the gateway be used with a "production" instance? the isolated allows setting up a private network, which will presumably work with the ipsec gateway, but the cost is prohibative

Assuming we have a web app using this IPSEC gateway, is there any way a developer at home can "see" the API Address? If we were using a linux box, I would simply use ssh tunnels, but I am guessing you cant use ssh tunnels to a web app.

eos
  • 551
  • 4
  • 10
  • 27

1 Answers1

1

You can use Private Endpoints which are available with Azure App Service Premium v2, and provision the App Service Plan in a VNet that has a VPN established with your API subnet.

Using Private Endpoints for Azure Web App (Preview)

For testing in a development environment, you could try tunneling with ngrok, see this example for an idea of what will look like:

Remotely debugging PHP on Azure Web Apps with ngrok

Gabriel Talavera
  • 1,377
  • 1
  • 11
  • 18
  • Private endpoints restrict access to the web app to the vnet, it does not allow access to resources in the vNet. For that you need regional vnet integration - https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet – Sam Cogan May 26 '20 at 08:44