Connecting VNets together without allowing on-prem machines access/RDP to other on-prem machines outside of their resource group.

Zesty Fernandez 21 Reputation points
2020-11-19T20:29:48.357+00:00

I have three resource groups based on locations, each of these is set up with two VNets and two Gateways, one for connecting to the VPN using a cert and one for connecting over AAD. Everyone that connects to the VPN is able to see each other AAD/Cert for RDP purposes. On one of these resource groups there is a VM that needs to be able to touch every machine across the three resource groups (essentially pinging), but we do not want the three resource groups to be able to see each other because we don’t want them to RDP outside of their resource group.

The issue is that I’m not sure how to set everything up to allow the VM to touch each of these machines without allowing the machines to access/RDP other machines outside of their resource group.


Accepted answer
  1. SUNOJ KUMAR YELURU 14,051 Reputation points MVP
    2020-11-20T00:52:35.557+00:00

    @Zesty Fernandez
    Allow RDP access in the NSG by IP address. If you want to restrict RDP access from outside the resource group, then add a rule in the NSG denying access for the specific IP addresses.

    ----------

    Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.
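The NSG approach in the accepted answer depends on rule priority: Azure evaluates inbound rules in ascending priority number and applies the first match, and the default AllowVnetInBound rule (priority 65000) matches traffic from peered VNets too, so a deny for port 3389 from the other resource groups has to sit above it. The script below is an added example, not code from the question or the answer. It models that evaluation for the three-resource-group scenario and renders the custom rules as `az network nsg rule create` commands; the address spaces (10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16), the resource group names, the monitoring VM address 10.1.0.4 and the NSG name are all constructed for the example.

```python
"""Model Azure NSG inbound rule evaluation for three peered resource groups.

Added example: the address spaces, names and the monitoring VM address are
assumptions chosen for illustration, not values from the question.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed VNet address space per resource group (assumed values).
RG_SPACES = {
    "rg-east": ip_network("10.1.0.0/16"),
    "rg-west": ip_network("10.2.0.0/16"),
    "rg-central": ip_network("10.3.0.0/16"),
}
MONITOR_VM_IP = "10.1.0.4"   # the single VM that must ping everything (assumed)
RDP_PORT = 3389
ANY = "*"


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # lower number is evaluated first; custom rules use 100-4096
    access: str        # "Allow" or "Deny"
    protocol: str      # "Tcp", "Udp", "Icmp" or "*"
    sources: tuple     # CIDR prefixes, or ("*",) for any source
    dest_port: str     # single port as a string, or "*"

    def matches(self, src_ip: str, protocol: str, dest_port: int) -> bool:
        if self.protocol != ANY and self.protocol != protocol:
            return False
        if self.dest_port != ANY and int(self.dest_port) != dest_port:
            return False
        if ANY in self.sources:
            return True
        addr = ip_address(src_ip)
        return any(addr in ip_network(prefix) for prefix in self.sources)


def inbound_rules_for(rg: str) -> list:
    """Inbound rule set for the NSG protecting resource group `rg`'s subnet."""
    own = str(RG_SPACES[rg])
    others = tuple(str(net) for name, net in RG_SPACES.items() if name != rg)
    return [
        # The monitoring VM may ping any machine in any resource group.
        Rule("AllowMonitorPing", 100, "Allow", "Icmp", (f"{MONITOR_VM_IP}/32",), ANY),
        # RDP stays allowed from the resource group's own address space.
        Rule("AllowRdpSameRg", 200, "Allow", "Tcp", (own,), str(RDP_PORT)),
        # Explicit deny for RDP from the other two resource groups; this must
        # have a lower priority number than the default AllowVnetInBound rule,
        # whose VirtualNetwork tag also covers peered VNets.
        Rule("DenyRdpOtherRg", 300, "Deny", "Tcp", others, str(RDP_PORT)),
        # Azure default rules, modelled here with the peered spaces spelled out.
        Rule("AllowVnetInBound", 65000, "Allow", ANY,
             tuple(str(net) for net in RG_SPACES.values()), ANY),
        Rule("DenyAllInBound", 65500, "Deny", ANY, (ANY,), ANY),
    ]


def evaluate(rg: str, src_ip: str, protocol: str, dest_port: int) -> tuple:
    """Return (access, rule name) of the first matching rule in priority order."""
    for rule in sorted(inbound_rules_for(rg), key=lambda r: r.priority):
        if rule.matches(src_ip, protocol, dest_port):
            return rule.access, rule.name
    return "Deny", "implicit"


def az_cli_commands(rg: str, nsg_name: str) -> list:
    """Render the custom (non-default) rules as Azure CLI invocations."""
    commands = []
    for r in inbound_rules_for(rg):
        if r.priority >= 65000:
            continue  # default rules already exist on every NSG
        commands.append(
            "az network nsg rule create"
            f" --resource-group {rg} --nsg-name {nsg_name} --name {r.name}"
            f" --priority {r.priority} --direction Inbound --access {r.access}"
            f" --protocol {r.protocol}"
            f" --source-address-prefixes {' '.join(r.sources)}"
            f" --destination-port-ranges {r.dest_port}"
        )
    return commands


if __name__ == "__main__":
    for cmd in az_cli_commands("rg-west", "nsg-west-subnet"):
        print(cmd)
    print(evaluate("rg-west", MONITOR_VM_IP, "Icmp", 0))      # monitor ping
    print(evaluate("rg-west", "10.1.0.9", "Tcp", RDP_PORT))  # cross-RG RDP
    print(evaluate("rg-west", "10.2.0.9", "Tcp", RDP_PORT))  # same-RG RDP
```

Two practical points when turning this into real rules: point-to-site VPN clients arrive from the gateway's client address pool rather than from the VNet address space, so that pool (an assumption not modelled above) must be added to the AllowRdpSameRg sources for the users in that resource group to keep RDP; and an NSG on the NIC and an NSG on the subnet are both evaluated, so the deny has to hold at whichever level the traffic is allowed through.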


1 additional answer

  1. SUNOJ KUMAR YELURU 14,051 Reputation points MVP
    2020-11-20T00:38:12.657+00:00

    @Zesty Fernandez
    You can restrict RDP access in a Network Security Group (NSG)
    https://thesleepyadmins.com/2018/11/24/azure-network-security-groups-nsg-to-restrict-management-access/

    by restricting RDP port 3389 in the NSG.

    ----------

    Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

