Hide VM Private over S2S VPN

hmo1-6634 0 Reputation points
2024-07-13T20:38:24.2033333+00:00

Hello,

I have a must have requirement to have my VM Internal IP NAT to a Public IP that is unique over a IPSec VPN tunnel. This is for security purposes and not due to overlapping subnets.

I have the S2S VPN tunnel setup, but I am unable to find a way to have my private address take either the azure tunnel ip or a designated public ip when sending traffic over the vpn.

Is this possible at all?

Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,555 questions
Azure NAT Gateway
Azure NAT Gateway
NAT Gateway is a fully managed service that securely routes internet traffic from a private virtual network with enterprise-grade performance and low latency.
37 questions
{count} votes

1 answer

Sort by: Most helpful
  1. KapilAnanth-MSFT 46,776 Reputation points Microsoft Employee
    2024-07-15T10:59:59.8866667+00:00

    @hmo1-6634 ,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I am afraid that your understanding of Azure VPN Gateway S2S Connection

    • The purpose of S2S Connection is to establish connectivity between Azure VNET and OnPrem over a private range
    • You cannot route Public IP via a S2S Tunnel

    If you don't want to expose the actual IP of your Azure VNET, you can consider VPN Gateway NAT feature.

    • NOTE : NAT feature can only NAT to a different private IP Range, not to any public IP.

    Should there be any follow-up questions or concerns, please let us know and we shall try to address them.

    Thanks,

    Kapil

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.