No Internet Access from an Azure Virtual Network with a NAT Gateway

Hi Frank F. Fabiano Admin,

welcome to Microsoft Q&A and thank you posting your query here!

Below are comprehensive steps to help you enable internet access for your Azure VMs through a NAT Gateway. Please follow each step carefully and refer to the official Microsoft documentation links provided.

Step-by-Step Solution: Enabling Internet Access with Azure NAT Gateway:

1. Confirm NAT Gateway Setup and Public IP Association

• In the Azure Portal, search for and select NAT gateways.
• Locate your NAT Gateway (e.g., NGW-VMS-02).
• Ensure it has a Public IP address (e.g., FA-Azure-PIP-02) assigned, and it is of “Standard” SKU.

Reference: Quickstart: Create a NAT gateway.

2. Verify Subnet Association

• Under your NAT Gateway's settings, select Subnets.
• Make sure it is associated with the desired subnet (e.g., “default” 172.24.118.0/24) of your virtual network (e.g., FA-Azure-118).
• If not, associate the correct subnet here.

Reference: Associate a subnet.

3. Review and Remove Custom Route Tables (if any)

• Go to Route tables in the portal.
• If a custom route table is linked to your subnet, ensure there are no routes overriding 0.0.0.0/0 to any destination except “Internet.”
• Remove or adjust any conflicting routes that could redirect default traffic away from the internet.

Reference: Check Azure routing.

4. Check Network Security Groups (NSGs)

• Go to Network Security Groups.
• For the subnet and VM NIC, ensure there is an outbound rule allowing Internet traffic (0.0.0.0/0, any port, Allow).
• If unsure, temporarily disassociate the NSG to rule it out as the cause.

Reference: NAT Gateway and NSG.

5. Validate VM and Subnet Configuration

Make sure both VMs’ NICs are in the correct subnet.

• The VMs should not have their own Public IP assigned—outbound NAT is handled by the subnet-level NAT Gateway.
• Ensure the VMs use a public DNS (default Azure DNS or another public resolver).

Reference: NAT Gateway requirements.

6. Restart the VMs

• Use the Azure Portal to Stop then Start each VM (not just Restart), ensuring subnet and gateway settings fully apply.

7. Test Internet Connectivity

On each VM, open a terminal/command prompt.

• For Linux, run: curl -I https://www.microsoft.com
• For Windows, run: curl -I https://www.microsoft.com

You should receive a HTTP header response, confirming outbound internet works.

8. Troubleshooting if Still Unresolved

• In Azure Portal, check your NAT Gateway’s metrics for errors.
• Use Network Watcher > Connection Troubleshoot to run outbound connectivity tests from your VMs.
• Additional troubleshooting guide: Troubleshoot Azure NAT Gateway connectivity.

If you follow these steps precisely, your VMs should have internet access through the Azure NAT Gateway. Let us know if you have any further questions!

If the information resolved your issue, kindly consider accepting the answer — it will help others who might be facing similar challenges.

Thanks,

Harish.

Thank you very much! My error was in having Public IP Addresses directly associated with my virtual machines. Once I disassociated those addresses, the NAT Gateway began to function properly.