Azure Site-to-Site VPN NAT rules

Question

Hey Guys!

Im facing and issue with azure site-to-site vpn with NAT rules, I hope you can guide me to right track.

My scope is to have a site-to-site connection between VNET_vpn and Remote site (its in place and works), then have the following NAT or forwarding or whatever we call it:

I have a working peering between VNET_azure and VNET_vpn between the affected address spaces.

If from the remote site they call the 10.64.0.138 address then the 10.2.132.14 should answer it.

And a few more NAT rules, but with the same pattern.

VNET_azure:

• address space: 10.2.0.0/16

VNET_vpn:

• address space: 10.64.0.0/24
• Virtual Network Gateway SKU: VpnGw2

Remote VPN site (Local network gateway):

• networks: 192.168.44.0/22, 192.168.80.0/23

I tried a multiple options with NAT rules, but with no luck. There are no deployed firewall device in the VNETs, if its possible I would like to solve it the the VPN device itself.

Do you have any suggestions where to go?

Thanks in advance,

Daniel

Answer 1

Hi @Daniel Molnar,

Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

• Before proceeding to configure NAT rules on VPN gateway, please make sure that the VPN connection is active or not and perform a ping test if needed.
•  As you mentioned you have done a peering between VNET_azure and VNET_vpn, make sure that the "Allow forwarded traffic" is enabled in peering settings level, so that it will allow traffic to flow between the two networks. For your reference: https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering?tabs=peering-portal#create-a-peering
•  Please cross verify the NAT rules configured at VPN gateway level. For your reference: https://learn.microsoft.com/en-us/azure/vpn-gateway/nat-howto#part-2-create-nat-rules
•  Before creating NAT rule, please go through the NAT limitations once: https://learn.microsoft.com/en-us/azure/vpn-gateway/nat-howto#nat-limitations
•  Please try to create UDRs from VNET_azure & VNET_vpn level and test the connectivity once. In VNET_azure: Route: 192.168.44.0/22, Next hop type: Virtual appliance, Next hop IP address: VPN Gateway IP In VNET_vpn: Route: 10.2.132.14, Next hop type: Virtual appliance, Next hop IP address: IP of the VPN Gateway.

Kindly let us know if the above helps or you need further assistance on this issue.

Regards,

Sai Prasanna.