Network address translation on Point to site VPN gateway

Deokyong Song 21 Reputation points
2022-04-20T04:04:23.543+00:00

I have some devices configured with a router that is established the Azure point to site VPN connection.
No issue talking to a VM in the Azure cloud with these devices.

The problem is, that all IP addresses the VM sees are VPN IP which is Azure allocated.

How can I apply a NAT policy so the VM can distinguish all on-site devices?

For example, the on-site devices live on 10.99.0.0/24 and its router 192.168.1.2 for its VPN IP. However, I want the VM in the cloud would be able to see its real IP like 10.99.0.12 rather than 192.168.1.2 which is VPN IP.

Is it possible to implement a NAT in this situation? 10.99.0.0/24 -> 10.7.0.0/24

Thank you in advance.

Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,368 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,131 questions
0 comments
Accepted answer
  1. GitaraniSharma-MSFT 46,931 Reputation points Microsoft Employee
    2022-04-20T05:44:06.23+00:00

    Hello @Deokyong Song ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand that you would like to know if it is possible to implement NAT on your Azure Point to site VPN connection.

    The P2S VPN client address pool is a range of private IP addresses that you specify in the P2S VPN gateway configuration and the clients that connect over a Point-to-Site VPN dynamically receive an IP address from this range.
    Refer : https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal#addresspool

    Currently, NAT is only supported on IPsec cross-premises VPN connections only. P2S connections are not supported.
    Refer : https://learn.microsoft.com/en-us/azure/vpn-gateway/nat-overview#can-i-use-nat-on-vnet-to-vnet-or-p2s-connections

    If you wish you may leave your feedback in the below forum requesting this feature. All the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Azure.
    https://feedback.azure.com/d365community/forum/8ae9bf04-8326-ec11-b6e6-000d3a4f0789

    Kindly let us know if the above helped or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest