S2S Policy Based VPN Natting

Lavakumar R 36 Reputation points
2022-11-03T14:52:48.193+00:00

We have an active support ticket open with Microsoft/Azure.

We are trying to set up an S2S VPN in Azure with our support partner, where our resources in Azure are presented on the IPsec tunnel.

The problem is that we have an IP clash between our Azure IP address space and the support partner's address space, and the other problem is that the support partner can only facilitate a policy-based connection.

As we have an IP clash, we thought of doing NAT for our private IP address space; however, a policy-based traffic connection doesn't support NAT as per the MS limitations.

We have Azure Firewall in our environment between our VPN gateway and resources VNet. Is there any way we can do the NAT before the traffic reaches the VPN gateway and use the public IP address on the VPN tunnel?

Azure VPN Gateway
Azure Firewall

1 answer

  1. msrini-MSFT 9,256 Reputation points Microsoft Employee
    2022-11-03T17:25:35.977+00:00

    Hi,

    Unfortunately, there is no other way, as a policy-based connection doesn't support NAT. And you cannot perform NAT before the VPN gateway.

    If you cannot choose a different IP space where there is no clash, you will need to switch your on-prem router to another one that supports route-based connections.

    Regards,
    Karthik Srinivas