Azure VPN Gateway NAT Configuration

Introduction

NAT defines the mechanisms for translating one IP address to another in an IP packet. It's commonly used to connect networks with overlapping IP address ranges. NAT rules or policies on the gateway devices connecting the networks specify the address mappings for the address translation on the networks.

NAT is applied to the connections that have NAT rules.

NAT rules

The diagram shows an Azure VNet and two on-premises networks, all with an address space of 10.0.1.0/24. To connect these two networks to the Azure VNet and VPN gateway, create the following rules.

  • EgressSNAT rule: This rule translates the VNet address space 10.0.1.0/24 to 192.168.1.0/24.
  • IngressSNAT rule 1: This rule translates the on-premises address space 10.0.1.0/24 to 192.168.2.0/24.
  • IngressSNAT rule 2: This rule translates the on-premises address space 10.0.1.0/24 to 192.168.3.0/24.

In the diagram, each connection resource has the following rules.

  • Connection 1 (VNet-Branch1)
    • IngressSNAT rule 1
    • EgressSNAT rule 1
  • Connection 2 (VNet-Branch2)
    • IngressSNAT rule 2
    • EgressSNAT rule 1

Pre-requisites

  • NAT is supported from VpnGw2 to VpnGw5 and from VpnGw2AZ to VpnGw5AZ.
  • The VPN Gateway should be upgraded to VpnGw2.
  • The customer needs to provide the NAT address spaces to meet our requirements.

Step 1. Navigate to the Configuration section under Settings on the Virtual Network Gateway. Change the SKU to VpnGw2 and click Save.

Configuration

Configuring the NAT Rules.

Mode

  • IngressSNAT: An IngressSNAT rule maps an on-premises network address space.
  • EgressSNAT: An EgressSNAT rule maps the Azure VNet address space.

Type

  • Static NAT: Static rules define a fixed address mapping relationship. A given IP address will be mapped to the same address from the target pool.
  • Dynamic NAT: For dynamic NAT, an IP address can be translated to different target IP addresses based on availability.

Step 2. Navigate to the NAT Rules section under Settings on the Virtual Network Gateway.

  • Name: Enter the Name for the Rule
  • Type: Static / Dynamic (Based on the Address space)
  • Mode
    • EgressSnat
      • Internal Mappings: Azure Address Spaces
      • External Mappings: Customer Address spaces (NAT Address)
    • IngressSnat
      • Internal Mappings: Customer Address spaces
      • External Mappings: Azure NAT Address Spaces

Step 3. Once successfully configured, click Save.

The changes will take 10 minutes to apply.
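Before entering the mappings in the portal, the rule plan can be sanity-checked offline. The following is an added example, not part of the original article or of any Azure tooling: it models the three rules and two connections from the NAT rules section, assumes all of them are Static rules that map one-to-one while preserving the host offset, and uses hypothetical function names (`validate`, `translate`).

```python
import ipaddress
from itertools import combinations

# Constructed from this article's example; all rules are assumed to be Static.
RULES = {  # name: (mode, internal mapping, external mapping)
    "EgressSNAT rule 1": ("EgressSnat", "10.0.1.0/24", "192.168.1.0/24"),
    "IngressSNAT rule 1": ("IngressSnat", "10.0.1.0/24", "192.168.2.0/24"),
    "IngressSNAT rule 2": ("IngressSnat", "10.0.1.0/24", "192.168.3.0/24"),
}
CONNECTIONS = {
    "VNet-Branch1": ["IngressSNAT rule 1", "EgressSNAT rule 1"],
    "VNet-Branch2": ["IngressSNAT rule 2", "EgressSNAT rule 1"],
}

def _nets(rules):
    return {name: (ipaddress.ip_network(i), ipaddress.ip_network(e))
            for name, (_mode, i, e) in rules.items()}

def validate(rules, connections):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems, nets = [], _nets(rules)
    for name, (internal, external) in nets.items():
        # Static NAT is one-to-one, so both pools must hold the same number of addresses.
        if internal.num_addresses != external.num_addresses:
            problems.append(f"{name}: internal and external pools differ in size")
        # A translated range that collides with a real range re-creates the overlap.
        if any(external.overlaps(i) for i, _ in nets.values()):
            problems.append(f"{name}: external mapping overlaps an internal range")
    for a, b in combinations(nets, 2):
        if nets[a][1].overlaps(nets[b][1]):
            problems.append(f"{a} / {b}: external mappings overlap")
    attached = {r for names in connections.values() for r in names}
    # NAT only applies on connections that carry the rule.
    problems += [f"{r}: not attached to any connection" for r in rules if r not in attached]
    problems += [f"{r}: attached but not defined" for r in sorted(attached - set(rules))]
    return problems

def translate(rule, address, rules=RULES):
    """Map an internal address to its external one, keeping the host offset."""
    internal, external = _nets(rules)[rule]
    addr = ipaddress.ip_address(address)
    if addr not in internal:
        raise ValueError(f"{address} is not inside {internal}")
    return str(external[int(addr) - int(internal.network_address)])

if __name__ == "__main__":
    print(validate(RULES, CONNECTIONS) or "plan is consistent")
    for rule in RULES:
        print(rule, "10.0.1.25 ->", translate(rule, "10.0.1.25"))
```

The same host address 10.0.1.25 resolves to a different external address under each rule, which is what lets the gateway tell the three overlapping networks apart.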


Associating the NAT rules to the VPN Connection.

Step 1. Navigate to the NAT Rules section under Settings on the Connection.


Step 2. Select the Ingress NAT Rules and Egress NAT Rules and click Save.


Verification

Navigate to the NAT Rules section under Settings on the Virtual Network Gateway.
