To answer your question,
"Is it possible to use Azure VPN with Azure NAT Gateway and route all P2S VPN traffic through a NAT Gateway connected to this VPN?"
- No
- This is not possible.
Summary:
#Point1
- See : Forced tunneling
- Internet connectivity is not provided through the VPN gateway. As a result, all traffic bound for the Internet is dropped.
- This means the VPN Gateway as a stand-alone resource cannot provide you with internet connectivity.
#Point2
- You cannot combine NAT Gateway and Azure VPN because NAT Gateway cannot be attached to the gateway subnet where the VPN resides.
- See : FAQ | Can a NAT gateway be attached to a gateway subnet?
What you can do is,
Consider deploying an NVA or Azure Firewall on the VNET and route all traffic to the Firewall from the VPN Gateway.
- You should advertise additional custom routes 0.0.0.0/1 and 128.0.0.0/1 to the P2S Clients.
- On the GatewaySubnet, attach a UDR with routes 0.0.0.0/1 and 128.0.0.0/1 pointing to the nextHop as the NVA's/Azure Firewall's IP address.
- Now, this Firewall will provide you with Internet connectivity
I would suggest you instead consider using Virtual WAN Hub routing intent with Internet Traffic Routing Policy
Hope this helps.
Please let us know if we can be of any further assistance here.
Thanks,
Kapil
Please Accept an answer if correct.
Original posters help the community find answers faster by identifying the correct answer.
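The workaround described in the answer (UDR on GatewaySubnet plus custom routes advertised to P2S clients), as an added Az PowerShell example that is not part of the original answer. Resource group 'rg-hub', VNet 'vnet-hub', firewall 'azfw-hub' and gateway 'vpngw-p2s' are placeholder names.

```powershell
# Added example (not from the answer above): route P2S client Internet traffic via Azure Firewall.
# Placeholder names, replace with your own:
$rg       = 'rg-hub'
$vnetName = 'vnet-hub'
$fwName   = 'azfw-hub'
$gwName   = 'vpngw-p2s'

# 1. Next hop: the firewall's private IP in AzureFirewallSubnet.
$fw   = Get-AzFirewall -Name $fwName -ResourceGroupName $rg
$fwIp = $fw.IpConfigurations[0].PrivateIPAddress

# 2. Route table for GatewaySubnet. Leave gateway/BGP route propagation enabled:
#    disabling it on GatewaySubnet breaks the gateway. The two /1 routes still
#    beat the system 0.0.0.0/0 route because they are more specific.
$rt = New-AzRouteTable -Name 'rt-gatewaysubnet' -ResourceGroupName $rg -Location $fw.Location
$rt = Add-AzRouteConfig -RouteTable $rt -Name 'internet-low'  -AddressPrefix '0.0.0.0/1' `
        -NextHopType VirtualAppliance -NextHopIpAddress $fwIp
$rt = Add-AzRouteConfig -RouteTable $rt -Name 'internet-high' -AddressPrefix '128.0.0.0/1' `
        -NextHopType VirtualAppliance -NextHopIpAddress $fwIp
$rt = Set-AzRouteTable -RouteTable $rt

# 3. Associate the table with GatewaySubnet (AddressPrefix is mandatory, so reuse the existing one).
$vnet     = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rg
$gwSubnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name 'GatewaySubnet'
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name 'GatewaySubnet' `
    -AddressPrefix $gwSubnet.AddressPrefix -RouteTable $rt | Out-Null
$vnet | Set-AzVirtualNetwork | Out-Null

# 4. Advertise the same two prefixes to P2S clients so their Internet traffic enters the tunnel.
$gw = Get-AzVirtualNetworkGateway -Name $gwName -ResourceGroupName $rg
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gw -CustomRoute '0.0.0.0/1','128.0.0.0/1' | Out-Null

# 5. Verify: both routes present and the next hop is the firewall's private IP.
(Get-AzRouteTable -Name 'rt-gatewaysubnet' -ResourceGroupName $rg).Routes |
    Select-Object Name, AddressPrefix, NextHopType, NextHopIpAddress
```

Clients receive the advertised routes on their next connection, and the firewall still needs a rule that explicitly permits outbound traffic from the P2S address pool.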