Azure VPN - Overlapping networks

Michelangelo Stillante 41 Reputation points
2021-03-19T08:58:57.68+00:00

@GitaraniSharma-MSFT

Hi Sharma,
I'm very sorry for boring you, maybe, but I would like to have a clear idea about this.

You said:
"... When using a virtual network as part of a cross-premises architecture, you need to make sure to carve out an IP address range that you can use specifically for this virtual network. If a duplicate address range exists on both sides of the VPN connection, traffic will route in an unexpected way. Azure VPN Gateway will NOT perform any NAT-like functionality on the inner packets to/from the IPsec tunnels and hence you can't have overlapping IP address ranges between Azure & local sites. ...... So to answer your query in simple terms: Why between two customers NOT using Azure this is possible : 3rd party VPN devices support NAT, hence this is possible. Why between two customers using Azure this is NOT possible : Azure VPN gateway doesn't support NAT, hence this is not possible. Kindly let us know if the above helps or you need further assistance on this issue. Please "Accept the answer" if the information helped you. This will help us and others in the community as well."

OK, I understood that it is not possible to do it, as you said: "...traffic will route in an unexpected way...". OK, I understood and have to accept it.

But if this is possible outside Azure, why is this not possible inside Azure? Why doesn't Azure support NAT?
Is there a technical reason?
A security reason?
A technology limit?
Market strategy?

I hope I am clear, and once again sorry for pushing for a more technical answer.

Thanks very much.
Have a nice day and a wonderful weekend.
Regards

/michelangelo

Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.

Accepted answer
  1. GitaraniSharma-MSFT 46,261 Reputation points Microsoft Employee
    2021-03-19T16:19:37.267+00:00

    Hello @Michelangelo Stillante ,

    I spoke to the Azure VPN Product Group team and below is what they have to say on why NAT was not supported by Azure VPN:

    "Given finite resources, we have to prioritize the features that we can deliver. We have a long list of features and enhancements that we want to deliver so we go by the popularity of the customer ask."

    And on popular demand, this feature is now going to be released soon. The approx. ETA for the Public preview of NAT support on Azure VPN would be a couple of months from now.

    Kindly let us know if the above helps or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
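
The constraint quoted in the question (no duplicate address range on both sides of the VPN connection when the gateway does no NAT) can be checked before a connection is configured. The following is an added example, not code from this thread or from Microsoft; the function names, prefixes and site names are constructed for illustration.

```python
import ipaddress
from itertools import product


def find_overlaps(azure_prefixes, onprem_prefixes):
    """Return (azure, onprem, shared) for every overlapping prefix pair.

    Two CIDR blocks are either disjoint or nested, so the shared range of
    an overlapping pair is always the more specific (longer-prefix) block.
    """
    # strict=False accepts prefixes written with host bits set (10.1.0.5/16).
    azure = [ipaddress.ip_network(p, strict=False) for p in azure_prefixes]
    onprem = [ipaddress.ip_network(p, strict=False) for p in onprem_prefixes]
    conflicts = []
    for a, o in product(azure, onprem):
        if a.version != o.version:
            continue  # an IPv4 range never collides with an IPv6 range
        if a.overlaps(o):
            shared = a if a.prefixlen >= o.prefixlen else o
            conflicts.append((str(a), str(o), str(shared)))
    return conflicts


def conflicts_by_site(vnet_prefixes, sites):
    """Map each site name to its conflicts; sites without conflicts are omitted."""
    report = {}
    for name, prefixes in sites.items():
        found = find_overlaps(vnet_prefixes, prefixes)
        if found:
            report[name] = found
    return report


# Constructed sample data: virtual network address space and per-site prefixes.
VNET = ["10.1.0.0/16", "172.16.8.0/22"]
SITES = {
    "site-a": ["192.168.0.0/24", "10.1.4.0/24"],   # nested inside 10.1.0.0/16
    "site-b": ["10.2.0.0/16", "fd00:db8::/48"],    # disjoint, plus an IPv6 range
    "site-c": ["172.16.0.0/12"],                   # supernet of 172.16.8.0/22
}

if __name__ == "__main__":
    for site, found in conflicts_by_site(VNET, SITES).items():
        for azure, onprem, shared in found:
            print(f"{site}: {onprem} overlaps virtual network {azure} on {shared}")
```

A site that appears in the report needs its range renumbered, or address translation on a device that supports it, before the tunnel is brought up.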

