Solved: Re: How to Access GCP Private Endpoint for All Goo...

Nikp · 01-13-2025 02:03 PM

I have a classic VPN setup between Azure and Google Cloud Platform (GCP), and I can successfully access VMs on both sides.

In GCP, I created a Private Service Connect endpoint that targets all Google Cloud APIs, allowing private access to these APIs, via the endpoint (e.g., storage-myendpoint.p.googleapis.com). From a VM in GCP, I can connect to this private endpoint without any issues.

However, when I try to connect to the same endpoint from a VM in Azure, it doesn't work.

Details:

The VPN gateway is connected to the same VPC where the Private Service Connect endpoint is located.
I expected the Azure VM to access the Google APIs via the private endpoint through the VPN, but it fails.

Questions:

Are there specific configurations or additional steps needed to allow Azure VMs to access GCP’s private endpoint over the VPN?
Could there be any network routing or DNS resolution issues preventing Azure VMs from reaching the GCP private endpoint?
Any insights into troubleshooting this setup would be helpful.

Thank you!

ammett

Check out this documentation and remember to export the IP of the endpoint as a custom export from the cloud router. Ensure you can see the IP of the endpoint in your Azure route table.

https://cloud.google.com/vpc/docs/configure-private-service-connect-apis#on-premises
https://cloud.google.com/network-connectivity/docs/router/how-to/advertising-custom-ip

View solution in original post

ammett

Check out this documentation and remember to export the IP of the endpoint as a custom export from the cloud router. Ensure you can see the IP of the endpoint in your Azure route table.

https://cloud.google.com/vpc/docs/configure-private-service-connect-apis#on-premises
https://cloud.google.com/network-connectivity/docs/router/how-to/advertising-custom-ip

How to Access GCP Private Endpoint for All Google APIs from Azure VM over Classic VPN?