The Azure App Service connects to the Azure Virtual Network Gateway (vnet) through point-to-site VPN. This has a site-to-site VPN connection to your local network gateway, to which your on-premises resources are connected (such as web and database servers).

Questions and answers

Is the VPN connection one-way from DXP to on-premises resources?
Yes. The limitation is due to Azure App Services IP assignments. Accessing an Azure App Service on the internal IP assigned to the app service when connected to a VPN is impossible.
Is my VPN Gateway a compatible device for route-based VPN?
See About VPN devices and IPsec/IKE parameters for Site-to-Site VPN Gateway connections.
Can I use my own DNS server that is an on-premises single VPN-established connection?
Yes. When the VPN connection is configured on both sides, Optimizely can help you configure your app services running in DXP to use DNS servers hosted in your on-premises solution. You should test this on Integration and Preproduction before applying it in Production. This requires a restart of your app service.
Can I set up multiple VPN connections within the same DXP package?
No. You cannot run multiple VPN connections to the same DXP project. However, each environment (Integration, Preproduction, and Production) can be connected to the same VPN connection (virtual network gateway).

Related topics