How to configure public access to a SQLServer FailOver Cluster Instance

Hello,

  Hope someone can help. I configured a 2 node SQLServer FCI within Azure as per article https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sql/virtual-machines-windows-portal-sql-create-failover-cluster

  Everything is working fine when accessing the SQLServer instance from inside Azure VNet, now I need to connect from the public Internet, so I created an Azure Public Load Balancer and configured it the same way as the Internal Load Balancer, except that the Front End IP is now an Azure Public IP.

 When trying to connect from the Internet using SQL Server Management Studio, connection does not work, I suppose that the problem is that the Public IP must match the SQL FCI virtual IP address that is currently a private IP from within the range of my Azure Vnet, I can add a second IP to my FCI but this IP is constrained to the VNET Subnet (10.1.2.x/24).

 My second try was to create a VM with 2 Nics and use Windows RRAS services in order to configure my own Virtual Appliance, so I configured a new Subnet (10.1.7.x/24) so it can work as my "external" network and did the following:

• Create a VM with 2 Nics (Windows Server 2016)
• Nic01 was assigned to Internal Subnet (10.1.2.x/24)
• Nic02 was assigned to "external" Subnet (10.1.7.x/24)
• I assigned a Public IP to Nic02
• Enabled IP Forwarding for Nic02 in Azure Portal
• Enabled IP Forwarding at the OS Level
• Installed "Remote Access" feature
• Configured "Remote Access" for NAT role
• Within NAT Role configuration Nic02 was defined as "Public Interface" and Nic01 as "Private Interface"
• Within NAT Role configuration I created a Rule in order to NAT incoming traffic via Nic02 port 1433 to Internal IP 10.1.2.7 port 1433, where 10.1.27 is the IP used by the Internal Load Balancer and is working as per article cited at the beginning of my post
• When trying to connect from the Internet I can see traffic arriving to the RRAS VM and also I can see "mappings" being created a the RRAS console, but it seems traffic is not flowing to the Azure Internal Load Balancer and in consequence SQL Management Studio is NOT connecting from the out side.

If someone can help with this configuration I will really appreciate it, as I stated SQL FCI is working fine from inside Azure but now I need it to connect from Outside (Public Internet).

Regards,

  Enrique.

Enrique Carbonell