How to NAT traffic into private link endpoint

Tyler McCoy 65 Reputation points
2023-10-24T22:55:53.3433333+00:00

Hi, thank you in advance!

I'm currently trying to figure out the best path forward to NAT traffic from AKS node pool subnets into a private link endpoint. The reason we want to do this is that the vendor we are integrating with offers network security functionality that allows our customers to whitelist inbound traffic based on IP CIDR, and we don't want to have to have customers whitelist the entire node pool subnet's IP space to use that functionality.

I realize I can do this with Linux VMs acting as NATs, but I wanted to check with the community and see if anyone had a solution that was easier to maintain.

Below is a diagram of what I'm trying to accomplish.

[Diagram: Azure Subnet]

Thanks!


Accepted answer
  1. KapilAnanth-MSFT 36,396 Reputation points Microsoft Employee
    2023-10-31T04:31:29.1366667+00:00

    @Tyler McCoy

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I understand that you would like to NAT private traffic in Azure VNETs.

    You can consider using the SNAT feature of Azure Firewall to NAT RFC 1918 traffic in an Azure VNET.

    Refer: Azure Firewall SNAT private IP address ranges

    • Note: The NAT will be performed to one of the private IP ranges in the FirewallSubnet.

    Or you could use a custom NVA, as you have mentioned, to perform the NAT.

    Hope this helps.

    Thanks,

    Kapil


    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.
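
The following is an added example, not part of the answer above or Microsoft's own code. It models the rule from the Azure Firewall SNAT private-ranges documentation the answer refers to (no SNAT when the destination falls inside a configured private range, which by default covers RFC 1918 and RFC 6598) and computes a range list that forces SNAT only for traffic to a private endpoint. The endpoint address and the function names are constructed for illustration.

```python
import ipaddress

# Ranges Azure Firewall leaves un-SNATed by default:
# RFC 1918 plus the RFC 6598 shared address space.
IANA_PRIVATE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

# Constructed sample value (assumption, not from the thread).
PRIVATE_ENDPOINT = "10.2.0.5/32"


def snat_applies(dest, private_ranges):
    """Model of the rule: the firewall SNATs only when the destination
    is outside every configured private range."""
    addr = ipaddress.ip_address(dest)
    return not any(addr in net for net in private_ranges)


def ranges_forcing_snat(targets, base=IANA_PRIVATE):
    """Return the base ranges with each target carved out, so traffic to
    a target is SNATed while other private traffic keeps its source IP."""
    result = list(base)
    for target in map(ipaddress.ip_network, targets):
        carved = []
        for net in result:
            if target.subnet_of(net):
                # Split net into the subnets that do not contain target.
                carved.extend(net.address_exclude(target))
            elif net.subnet_of(target):
                continue  # range lies wholly inside the target: drop it
            else:
                carved.append(net)
        result = carved
    return sorted(result)


if __name__ == "__main__":
    # With the defaults, traffic to the private endpoint is NOT SNATed.
    print("default SNAT to endpoint:", snat_applies("10.2.0.5", IANA_PRIVATE))
    custom = ranges_forcing_snat([PRIVATE_ENDPOINT])
    print("private ranges to configure:", " ".join(map(str, custom)))
    for dest in ("10.2.0.5", "10.2.0.6", "10.1.4.20", "8.8.8.8"):
        print(dest, "SNAT" if snat_applies(dest, custom) else "no SNAT")
```

With the default ranges the endpoint's address counts as private, so the node IP would reach the vendor unchanged; the carved-out list is the value the firewall's private-ranges setting would need for the node pool traffic to arrive from a firewall address instead.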
