Reaching a TFS server not hosted on the client PC, when applying an Azure “point to site” VPN

Having created a “developer desktop” VM within my Azure virtual network (a Windows SSTP-based VPN enabled server pool), the whole point is to connect the VM to the local LAN – and its “private” cloud servers. This includes enabling the Visual Studio client on the desktop to access the source files server, known as TFS – that is hosted on a host other than my client PC, in a different subnet furthermore. And, my client PC connects to the subnet itself over a VPN, using the Cisco AnyConnect/ASA (SSL over UDP) tool chain.

Being a client to site VPN (vs. site to site), the remote gateway does not inject server side routes mapping my various subnets. There is one and one only: the network of 1 host: my connecting PC. To make the solution work, I added IP port forwarding to the PC, so it exposes a port on its binding address to which the Visual Studio port can reach (over the Windows VPN). This in turn captures layer 4 PDUs and forwards them to the true server on the subnet, unreachable directly, using local knowledge that allows the segment forwarding process.
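The port forwarding described above, written out as an added example in PowerShell (this is not the post's own configuration; the post does not say which Windows feature was used, so the built-in `netsh interface portproxy` relay is assumed here). Every address, port and range below is an assumed placeholder, and the firewall rule is deliberately scoped to the point-to-site client pool so that the relay into TFS is not reachable from any other network the client PC happens to be on.

```powershell
# Added example (not from the original post): expose a local TCP port on the
# VPN-facing address of this PC and relay it to the TFS server on another
# subnet. All addresses and ports below are ASSUMED placeholders; replace them.
#
# Run from an elevated (Administrator) PowerShell session on the client PC,
# while the AnyConnect tunnel to the TFS subnet is up.

$ListenAddress  = '172.16.0.5'      # assumed: this PC's address as seen by the Azure point-to-site clients
$ListenPort     = 8080              # assumed: port Visual Studio on the VM will connect to
$TfsAddress     = '10.20.30.40'     # assumed: real TFS server on the subnet reached via AnyConnect
$TfsPort        = 8080              # assumed: TFS application tier port
$P2sClientRange = '172.16.0.0/24'   # assumed: Azure point-to-site client address pool
$RuleName       = 'TFS relay for Azure P2S clients'

# 1. The portproxy feature depends on the IP Helper service; make sure it is
#    running and starts automatically, otherwise the relay silently does nothing.
Set-Service -Name iphlpsvc -StartupType Automatic
Start-Service -Name iphlpsvc

# 2. Register the layer-4 forwarder: TCP connections accepted on
#    $ListenAddress:$ListenPort are relayed, byte for byte, to $TfsAddress:$TfsPort.
#    Binding to the VPN-facing address (not 0.0.0.0) keeps other interfaces closed.
netsh interface portproxy add v4tov4 `
    listenaddress=$ListenAddress listenport=$ListenPort `
    connectaddress=$TfsAddress connectport=$TfsPort

# 3. Open the listening port in Windows Firewall for the VPN client pool only.
New-NetFirewallRule -DisplayName $RuleName `
    -Direction Inbound -Protocol TCP -LocalPort $ListenPort `
    -LocalAddress $ListenAddress -RemoteAddress $P2sClientRange `
    -Action Allow -Profile Any

# 4. Verify: the mapping should be listed and the socket should be in LISTEN state.
netsh interface portproxy show v4tov4
Get-NetTCPConnection -LocalPort $ListenPort -State Listen -ErrorAction SilentlyContinue

# 5. Clean-up for when the relay is no longer needed:
# netsh interface portproxy delete v4tov4 listenaddress=$ListenAddress listenport=$ListenPort
# Remove-NetFirewallRule -DisplayName $RuleName
```

On the VM, Visual Studio is then pointed at `$ListenAddress:$ListenPort` instead of the TFS host. Because portproxy relays raw TCP, a TFS served over HTTPS still terminates TLS on the TFS server itself; the name Visual Studio connects to must therefore be covered by that server's certificate, which in practice means adding a hosts-file entry on the VM that maps the TFS hostname to `$ListenAddress` rather than connecting by IP.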


This gets us to




About home_pw

Computer Programmer who often does network administration with focus on security servers. Sometimes plays at slot machine programming.
This entry was posted in azure.