Hi 56789,
Based on the image, NAT (Network Address Translation) should theoretically work on Connection 3. This is because you’re planning to use private BGP IP addresses at both ends (on-premises and Azure VPN gateway).
If the on-premises VPN router uses regular, non-APIPA address and it collides with the virtual network address space or other on-premises network spaces, ensure the IngressSNAT rule will translate the BGP peer IP to a unique, non-overlapped address and put the post-NAT address in the BGP peer IP address field of the local network gateway.
> NAT isn't supported with BGP APIPA addresses.
> https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vpn-faq#does-nat-work-with-bgp-connections
The use of private IP addresses for BGP should not be affected by the limitations associated with APIPA (Automatic Private IP Addressing) addresses, which are used in Connections 1 and 2. Be sure the on-premises BGP routers advertise the exact prefixes as defined in the IngressSNAT rules.
Additional MS reference:
- https://learn.microsoft.com/en-us/azure/vpn-gateway/nat-howto
- https://learn.microsoft.com/en-us/azure/vpn-gateway/nat-overview
- https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vpn-faq
Luis
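
Added example, not part of the original reply and not Microsoft's code: a pre-deployment check of the points above (peer IP is not APIPA, the post-NAT range is unique, advertised prefixes match the IngressSNAT rule), which also computes the post-NAT address to enter in the local network gateway's BGP peer IP field. It assumes a static 1:1 rule that preserves the host offset; the function names and all addresses are constructed for illustration.

```python
import ipaddress

APIPA = ipaddress.ip_network("169.254.0.0/16")

def translate(ip, internal, external):
    """Assumed static 1:1 NAT: keep the host offset, swap the prefix."""
    ip = ipaddress.ip_address(ip)
    internal = ipaddress.ip_network(internal)
    external = ipaddress.ip_network(external)
    if internal.prefixlen != external.prefixlen:
        raise ValueError("internal and external mappings must be the same size")
    if ip not in internal:
        raise ValueError(f"{ip} is not inside internal mapping {internal}")
    offset = int(ip) - int(internal.network_address)
    return ipaddress.ip_address(int(external.network_address) + offset)

def check_connection(bgp_peer_ip, rule, occupied, advertised):
    """Return (post-NAT BGP peer IP or None, list of problems found)."""
    if ipaddress.ip_address(bgp_peer_ip) in APIPA:
        return None, ["BGP peer IP is APIPA: NAT isn't supported with BGP APIPA addresses"]
    problems = []
    external = ipaddress.ip_network(rule["external"])
    # The translated range must be unique: no overlap with the VNet or other sites.
    for space in occupied:
        if external.overlaps(ipaddress.ip_network(space)):
            problems.append(f"external mapping {external} overlaps {space}")
    # On-premises routers must advertise exactly the pre-NAT prefix in the rule.
    expected = {ipaddress.ip_network(rule["internal"])}
    got = {ipaddress.ip_network(p) for p in advertised}
    if got != expected:
        problems.append(f"advertised {sorted(map(str, got))} != rule {sorted(map(str, expected))}")
    return translate(bgp_peer_ip, rule["internal"], rule["external"]), problems

# Constructed sample values (not from the thread): the on-premises range
# 10.0.1.0/24 collides with the VNet 10.0.0.0/16, so it is translated.
RULE = {"internal": "10.0.1.0/24", "external": "192.168.50.0/24"}
OCCUPIED = ["10.0.0.0/16", "172.16.0.0/16"]  # VNet plus another on-premises site

if __name__ == "__main__":
    peer, problems = check_connection("10.0.1.254", RULE, OCCUPIED, ["10.0.1.0/24"])
    print("BGP peer IP for the local network gateway:", peer)
    print("problems:", problems or "none")
```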