How does the network traffic flow into and out of Azure from UIC?

This article contains a network diagram detailing how network traffic flows into and out of Azure from on campus.

UIC has defined network routes so that all campus traffic destined for the private IP range (172.28.0.0/23) in our Azure network space utilizes the VPN tunnel. Traffic back to UIC campus private IPs should also utilize the VPN tunnel. If you choose to create a public IP on your Azure resource, traffic to and from Azure should not travel through the VPN tunnel.

When attempting to reach an Azure resource with a private IP address, network traffic will go through your departmental firewall, to UIC's Cisco ASA device, through the VPN tunnel and into a central subscription in Azure.  From there, it will travel out to your specific subscription in Azure.  If, on the other hand, you're attempting to reach an Azure resource via its public IP, you will do so via the Internet.  Network traffic will return via the same route.
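The routing rules above can be checked against observed flows. The following is an added example, not part of the original article or UIC's tooling: it flags flows whose outbound or return leg does not match the documented path, including asymmetric ones. Only the 172.28.0.0/23 range comes from the article; the path labels, record format and sample flows are assumptions.

```python
import ipaddress

# Range stated in the article; everything else below is an assumption for illustration.
AZURE_PRIVATE = ipaddress.ip_network("172.28.0.0/23")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
TUNNEL, INTERNET = "vpn-tunnel", "internet"  # hypothetical path labels


def expected_path(azure_ip):
    """Path the article prescribes for an Azure address, or None if it gives no rule."""
    addr = ipaddress.ip_address(azure_ip)
    if addr.version != 4:
        return None  # the article only describes IPv4
    if addr in AZURE_PRIVATE:
        return TUNNEL
    if any(addr in net for net in RFC1918):
        return None  # private, but outside the routed Azure range
    return INTERNET  # public IP on the Azure resource


def check_flow(flow):
    """Return a list of findings for one observed flow (empty list means it conforms)."""
    want = expected_path(flow["azure_ip"])
    if want is None:
        return ["address is not covered by the documented routes"]
    findings = [f"{leg} leg used {flow[leg]}, expected {want}"
                for leg in ("outbound", "return") if flow[leg] != want]
    if flow["outbound"] != flow["return"]:
        findings.append("asymmetric: return leg differs from outbound leg")
    return findings


def audit(flows):
    """Map each non-conforming Azure address to its findings."""
    return {f["azure_ip"]: r for f in flows if (r := check_flow(f))}


# Constructed sample records (203.0.113.7 is a documentation address standing in for a public IP).
SAMPLE_FLOWS = [
    {"azure_ip": "172.28.0.10", "outbound": TUNNEL, "return": TUNNEL},
    {"azure_ip": "172.28.1.20", "outbound": TUNNEL, "return": INTERNET},
    {"azure_ip": "203.0.113.7", "outbound": TUNNEL, "return": TUNNEL},
    {"azure_ip": "172.28.2.5", "outbound": TUNNEL, "return": TUNNEL},
]

if __name__ == "__main__":
    for ip, findings in audit(SAMPLE_FLOWS).items():
        print(ip, "->", "; ".join(findings))
```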

NOTE: In order to reach a resource via its private IP in Azure, you must first VPN into the campus network. As of December 2019, utilizing UIC-Wifi and UIC VPN to access Azure is not operational. The ACCC is working on fixing this issue. If you need to access your Azure VLAN from UIC-Wifi, we recommend that you create a Virtual Machine in Azure as a temporary jump box.

Azure network diagram



Keywords: Azure, campus network, cloud computing, cloud services, VPN, tunnel, public IP, asymmetric
Doc ID: 94653
Owner: Scott R.
Group: University of Illinois at Chicago ACCC
Created: 2019-09-24 12:17 CST
Updated: 2019-12-09 10:26 CST
Sites: University of Illinois at Chicago ACCC