How to route all internet-bound traffic originating from a VM through an NVA

Abhi 0 Reputation points

I have 2 subnets inside a VNet, a default subnet and an NVA subnet. I have one VM (Windows Server 2022 Datacenter) inside the NVA subnet configured as an NVA, with IP forwarding enabled at the NIC level, and at the OS level I have enabled LAN routing. This NVA machine has a public IP as well. In the default subnet I have one Windows VM.

Now I want all internet-bound traffic originating from VMs inside the default subnet to flow through the NVA VM inside the NVA subnet. I created one route table and one custom user-defined route with destination CIDR range as, next hop type as Virtual appliance and next hop address as the NVA VM's private IP address, and attached this route table to the default subnet. Still, VMs inside the default subnet are not able to connect to the internet. Please suggest.

Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.

2 answers

  1. GitaraniSharma-MSFT 48,011 Reputation points Microsoft Employee

    Hello @Abhi ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand that you are trying to route your VM's traffic via an NVA in another subnet, but it is not working.

    You mentioned that you've configured the NVA with IP forwarding enabled at NIC level and in OS level.

    I would request you to validate the same again following the below tutorial:

    Could you also check if you have any NSGs on the NVA or VM NIC or subnet denying the traffic?

    Additional troubleshooting documents that you can refer to: check the effective routes of your VM to validate that the UDR is active.

    Kindly let us know if the above helps or you need further assistance on this issue.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

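    The Azure-side configuration the question describes (route table with a user-defined route whose next hop is the NVA, IP forwarding on the NVA NIC) together with the two checks the answer recommends (effective routes and effective NSG rules), as an added Az PowerShell example. This is editor-added code, not from the question or the answer; every name and address in it is an assumption: resource group rg-nva-lab, VNet vnet-lab with subnets default (10.0.0.0/24) and nva (10.0.1.0/24), NVA NIC nva-nic-internal at 10.0.1.4, workload VM NIC workload-nic, region eastus. The destination prefix 0.0.0.0/0 is also an assumption, since the question does not state the range it used.

```powershell
# Editor-added example, not the original poster's configuration. All names, ranges and IPs
# below are assumptions. Requires the Az module and an authenticated session (Connect-AzAccount).
$rg           = 'rg-nva-lab'
$location     = 'eastus'
$vnetName     = 'vnet-lab'
$nvaPrivateIp = '10.0.1.4'      # private IP of the NVA NIC in the nva subnet (assumed)

# 1. Route table with one UDR: default route 0.0.0.0/0 -> VirtualAppliance -> NVA private IP.
$route = New-AzRouteConfig -Name 'default-via-nva' -AddressPrefix '0.0.0.0/0' `
            -NextHopType VirtualAppliance -NextHopIpAddress $nvaPrivateIp
$rt = New-AzRouteTable -ResourceGroupName $rg -Location $location `
            -Name 'rt-default-via-nva' -Route $route

# 2. Associate the route table with the workload subnet only. Never associate it with the
#    NVA subnet as well, or the NVA's own egress would be routed back to itself.
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetName
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name 'default' `
    -AddressPrefix '10.0.0.0/24' -RouteTable $rt | Out-Null
$vnet | Set-AzVirtualNetwork | Out-Null

# 3. IP forwarding on the NVA NIC. Without it the Azure fabric drops packets whose destination
#    IP is not the NIC's own address, regardless of what the guest OS has enabled.
$nvaNic = Get-AzNetworkInterface -ResourceGroupName $rg -Name 'nva-nic-internal'
$nvaNic.EnableIPForwarding = $true
$nvaNic | Set-AzNetworkInterface | Out-Null

# 4. Effective routes of the workload NIC (VM must be running): the 0.0.0.0/0 entry must show
#    NextHopType VirtualAppliance with the NVA address, not the system route 'Internet'.
Get-AzEffectiveRouteTable -ResourceGroupName $rg -NetworkInterfaceName 'workload-nic' |
    Where-Object { $_.AddressPrefix -contains '0.0.0.0/0' } |
    Format-Table Source, State, AddressPrefix, NextHopType, NextHopIpAddress -AutoSize

# 5. Effective NSG rules on both NICs: look for a Deny that catches either leg of the flow,
#    workload -> NVA (inbound on the NVA NIC) or NVA -> Internet (outbound on the NVA NIC).
foreach ($nicName in 'workload-nic', 'nva-nic-internal') {
    Write-Host "Effective NSG deny rules for $nicName"
    (Get-AzEffectiveNetworkSecurityGroup -ResourceGroupName $rg -NetworkInterfaceName $nicName).EffectiveSecurityRules |
        Where-Object { $_.Access -eq 'Deny' } |
        Format-Table Name, Direction, Priority, SourceAddressPrefix, DestinationAddressPrefix, DestinationPortRange -AutoSize
}
```

    If step 4 still shows the 0.0.0.0/0 route with next hop Internet, the route table is not associated with the subnet the VM's NIC is actually in; if it shows VirtualAppliance but traffic still fails, the problem is on the NVA itself (IP forwarding, OS routing, or NAT), which the second answer below addresses.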

  2. Abhi 0 Reputation points

    Hello Gita,

    Thanks for your assistance in debugging the issue.

    I was able to resolve the issue. Earlier I had enabled only LAN routing in the Windows Server (NVA machine). Then I understood that I have to enable NAT as well, as part of RRAS.

    I attached 2 NICs to the VM: one for the internal LAN and the other for the external-facing subnet (having the public IP). I enabled IP forwarding from the portal for both NICs. Configured NAT. Attached a route table to the workload/default subnet having a route to the internet via the NVA VM (internal LAN IP). Now the VMs inside the workload/default subnet are able to connect to the internet via the NVA VM; checked using Wireshark.

    Though ping to the internet (let's say is not working from the workload VMs.

    Can you please validate this solution?
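    The in-guest part of the fix described in this reply (RRAS with LAN routing plus NAT on a two-NIC Windows Server 2022 NVA), as an added PowerShell example to run elevated on the NVA VM, followed by the checks a workload VM can run. This is editor-added code, not the poster's own script; the interface aliases Ethernet (internal NIC) and Ethernet 2 (external NIC with the public IP) and the workload-side test host are assumptions.

```powershell
# Editor-added example, not the original poster's script. Run elevated on the NVA VM.
# Interface aliases are assumptions; check them with Get-NetAdapter before running.
$internalIf = 'Ethernet'      # NIC in the NVA subnet that receives workload traffic (assumed)
$externalIf = 'Ethernet 2'    # NIC that carries the public IP (assumed)

# 1. Install RRAS with the Routing role service and configure it for routing only (no VPN).
Install-WindowsFeature -Name RemoteAccess, Routing, RSAT-RemoteAccess-PowerShell -IncludeManagementTools
Install-RemoteAccess -VpnType RoutingOnly

# 2. Make sure the OS actually forwards IPv4 between the two NICs. LAN routing in RRAS turns
#    this on, but verifying it directly rules out the most common silent failure.
Set-NetIPInterface -InterfaceAlias $internalIf -AddressFamily IPv4 -Forwarding Enabled
Set-NetIPInterface -InterfaceAlias $externalIf -AddressFamily IPv4 -Forwarding Enabled

# 3. Enable the RRAS NAT protocol. The external NIC is the public (translating) side, the
#    internal NIC is the private side whose sources get rewritten to the external address.
netsh routing ip nat install
netsh routing ip nat add interface name="$externalIf" mode=full
netsh routing ip nat add interface name="$internalIf" mode=private

# 4. Verify: both interfaces bound to NAT, forwarding enabled, and the host's own default
#    route leaving via the external NIC (otherwise replies from the internet never return).
netsh routing ip nat show interface
Get-NetIPInterface -AddressFamily IPv4 | Select-Object InterfaceAlias, Forwarding
Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0' | Select-Object InterfaceAlias, NextHop

# ---- Run on a workload VM in the default subnet (assumed test target www.microsoft.com) ----
# The trace must show the NVA's internal IP as the first hop, and the TCP connect must succeed.
Test-NetConnection -ComputerName 'www.microsoft.com' -Port 443 -TraceRoute
```

    Use the TCP test rather than ping as the pass/fail criterion: a successful TCP connect proves the forward and reverse paths through the NAT, which is what the workload VMs need. Because the external NIC now carries a public IP for the whole subnet's egress, also keep its NSG restricted to the inbound management ports you actually use; the NAT only needs outbound to the internet plus the replies.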