Good Day, We are wanting to tie a specific public IP that we have as a resource in our Resource Group for egress access. Our AVD hosts are the target for this. These AVD hosts though are part of a bigger Virtual Network that includes many other resources that we do not want to affect with this. When I am in the process of creating this NAT Gateway and choose the virtual network, there does not seem to be a way to only select the subnet with that vnet. Are we stuck and we have to look at either giving each AVD host (only 4 so far) a public IP each, A Load Balancer which comes with the disclaimer (port allocation need to be declared upfront). My question boils down to can we just apply Nat Gateway to 1 /24 subnet of the larger virtual network?

Hi, My question boils down to can we just apply Nat Gateway to 1 /24 subnet of the larger virtual network? A: Yes. You can choose which subnets are associated with the NAT Gateway. You must have it associated with at least one subnet, but can choose multiple subnets if you want. During creation it asks you to select the Virtual Network and then you must choose which subnet(s) you want associated. In addition, after your NAT Gateway has been created you can click on the Subnets blade and make changes. Please click Accept Answer and upvote if the above was helpful. Thanks. -TP

Azure NAT Gateway for specific subnet or VMs but not all

Accepted answer

TP 78,666 Reputation points

2024-03-08T00:32:34.5966667+00:00

Hi,

My question boils down to can we just apply Nat Gateway to 1 /24 subnet of the larger virtual network?

A: Yes. You can choose which subnets are associated with the NAT Gateway. You must have it associated with at least one subnet, but can choose multiple subnets if you want. During creation it asks you to select the Virtual Network and then you must choose which subnet(s) you want associated.

In addition, after your NAT Gateway has been created you can click on the Subnets blade and make changes.

Please click Accept Answer and upvote if the above was helpful.

Thanks.

-TP
Please sign in to rate this answer.

1 person found this answer helpful.
mpls 80 Reputation points

2024-03-08T01:25:10.8766667+00:00

Thank you kindly! I didn't see that before because I did not choose the proper vnet initially and therefore did not see the subnets populate. This will work really nicely for us.

mpls 80 Reputation points

2024-03-08T01:25:58.0166667+00:00

Much thanks to TP for the quick and knowledgeable response. The subnets do populate after selecting the virtual network.

mpls 80 Reputation points

2024-03-08T01:33:35.6466667+00:00

Okay but maybe there is more involved for me. This NAT Gateway is for a pool of AVD hosts where we want any egress activity to use the same outgoing public IP. Perhaps the could break authentication for public AVD access because that return traffic will not be using the normal path?

GitaraniSharma-MSFT 48,011 Reputation points Microsoft Employee

2024-03-08T07:26:34.79+00:00

Hello @mpls ,

Azure NAT Gateway is a fully managed and highly resilient Network Address Translation (NAT) service. NAT gateway provides outbound connectivity from a virtual network. Return traffic in direct response to an outbound flow can also pass through NAT gateway. No inbound traffic directly from the internet can pass through NAT gateway.

Azure tracks the direction of a flow, and asymmetric routing will not occur. Inbound originated traffic will be translated correctly, such as a load balancer frontend IP, and it will be translated separately from outbound originated traffic through a NAT gateway. This separation allows inbound and outbound services to coexist seamlessly.

Refer: https://learn.microsoft.com/en-us/azure/nat-gateway/nat-overview

https://learn.microsoft.com/en-us/azure/nat-gateway/faq#can-nat-gateway-be-used-to-connect-inbound

https://learn.microsoft.com/en-us/azure/architecture/networking/guide/well-architected-network-address-translation-gateway#operational-excellence

Could you please let me know which traffic flow you are concerned about?

Regards,

Gita

mpls 80 Reputation points

2024-03-08T16:08:43.4066667+00:00

Thank you, Gita!

KapilAnanth-MSFT 36,396 Reputation points Microsoft Employee

2024-03-13T12:54:03.3833333+00:00

Hello @mpls ,

Thanks for your continued contribution on Q&A and appreciate much for taking the time to share your feedback.

Cheers,

Kapil
Sign in to comment

Share via

Azure NAT Gateway for specific subnet or VMs but not all

0 additional answers