![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 1%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
Azure Virtual WAN
An Azure virtual networking service that provides optimized and automated branch-to-branch connectivity.
197 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
Thank you for getting back.
As the Virtual Machine has a public IP assigned, when you try to do RDP from your client machine, the traffic will directly go this public IP of the VM, and the return traffic will be directed as per the effective routes of the VM. You can check the effective routes as shown here. If there is route which directs all the traffic from the VM to the firewall in the hub, then this outgoing RDP packet will be directed to the firewall, and it will block the communication as per the rules set.
I think the RDP communication should work if you can add a route to your VM which allows the outgoing RDP traffic directly to the internet unless if there is any other NSG which is not blocking this connectivity. You can use IP flow verify tool to diagnose any NSG issues. Just to clarify if you set such routing rule, the RDP traffic will bypass the firewall and this is not recommended as it is not secure.
Based on your statement above
2.Even I have deleted RDP rule in security group from VM level NSG, able to take RDP with Private IP address when I connected to P2S VPN? How it is possible.
This is more secure way of establishing RDP session with your VM, as VPN provides additional security. Even when you deleted the RDP rule, the RDP session was not interrupted as the communication happens over private network and there is a default NSG rule (screenshot below) which allows communication between VirtualNetwork service tag. This service tag includes all Virtual network address space (all IP address ranges defined for the virtual network), all connected on-premises address spaces.
Hope this helps. Please let me know if you have any concerns or queries. Thank you!
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.