Application Gateway无法连接到其他VNet中的VM [英] Application Gateway cannot connect to VMs in a different VNet
问题描述
我在VNet 1中的子网1中部署了Application Gateway,在VNet 2中的子网2中部署了虚拟机中的Web应用程序。我在VNet 1和VNet 2之间启用了VNet对等。
I had Application Gateway deployed in Subnet 1 in VNet 1, and a web application deployed in a VM in Subnet 2 in VNet 2. I enabled VNet peering between VNet 1 and VNet 2.
我在Vnet对等配置中禁用了从VNet 2到VNet 1的虚拟网络访问,在附加到子网2的NSG中添加了入站规则,以允许来自子网1的TCP连接。
I disabled virtual network access from VNet 2 to VNet 1 in the Vnet peering configuration, added an inbound rule in the NSG attached to Subnet 2 to allow TCP connection from Subnet 1.
我启用了从VNet 1到VNet 2的虚拟网络访问,并且我能够通过http://< application gateway hostname>访问我的Web应用程序。
I enabled virtual network access from VNet 1 to VNet 2 and I was able to access my web application through http://<application gateway hostname>.
之后,我禁用了从VNet 1到VNet 2的虚拟网络访问,并在连接到子网1的NSG中添加了出站规则,以允许TCP连接到子网2.我希望此设置能够正常工作但不,我无法通过http://< application
gateway hostname>访问我的网络应用程序再好了!
After that, I disabled virtual network access from VNet 1 to VNet 2, and added an outbound rule in the NSG attached to Subnet 1 to allow TCP connection to Subnet 2. I would expect this setup to work but NO, I was not able to access my web application through http://<application gateway hostname> anymore!
任何想法?
推荐答案
我认为你应该在TCP上打开HTTP NSG,应用程序网关使用HTTP来健康探测资源。
I think you should open HTTP alongside the TCP on the NSG, the application gateway use HTTP to Health Probe the resource.
此外
"如果应用程序网关子网上有网络安全组(NSG),则必须在应用程序网关子网上为入站流量打开端口范围65503-65534。这些端口是后端运行状况API工作所必需的。
此外,无法阻止出站Internet连接,并且入站流量即将到来必须允许来自AzureLoadBalancer标记。"
这篇关于Application Gateway无法连接到其他VNet中的VM的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
