Inter-VNet connection possibilities with overlapping address ranges

cv 1 Reputation point

I need to create independent groups of 2-3 VMs. In each group there must be a network with a fixed, private CIDR (e.g., which is used for inter-VM communication. The important thing is, that the CIDR cannot be changed and need to be the same in each of the VM groups.

In order to achieve that, I created a dedicated VNet with every VM group which contains the mentioned subnet. Everything works fine as long as it runs isolated. Now, I have a seperate, private VNet that must be accessible by the VM groups as well as it contains some shared services. However, due to the overlapping network address ranges of the VM group VNets I cannot peer more than one group VNet with the shared services VNet as I would usually do this in a Hub-Spoke topology.

On other cloud platforms (VMware, OpenStack) this setup is not problematic as, for instance, I can connect each VM to multiple networks (as in VNet) at the same time. Unfortunately, from my understanding this cannot be done in Azure as each VM can only be connected to multiple networks as long as those belong to the same VNet (please correct me if I'm wrong with that).

What other options do I have to connect the VMs to the shared services? The traffic must be internal (no routing through public networks) and due to the expected number of VM groups (100+) I aim for a lightweight solution (establishing a VPN for each VM group seems to introduce a lot of overhead in terms of complexity and possibly reduced network performance).

A NAT-based solution would do but it seemed to me NAT gateways are only working with public IP adresses.

I really hope I'm just overseeing a simple approach here but right now I am stucked with the virtual networking restrictions in Azure.

Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,035 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. suvasara-MSFT 9,986 Reputation points


    AFAIK, A private to private NAT service Is not yet available today. Subnet address spaces cannot overlap one another. I would recommend you post you this feature request here in this feedback section for its future availability.

    You can upvote it and other features that are of interest. In general, Azure feature team would check feasibility of a feature request, triage it, prioritize against existing feature backlog, add in roadmap as appropriate and would announce and/or update the related Azure document once a feature request is addressed.

    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.