No internet after adding NAT gateway

Question

No internet after adding NAT gateway

Koos van Duijvenbode 1

Hi,

We are running Azure Virtual Desktop (2 host) in a seperate subnet. I added a NAT Gateway to the subnet because I want a single external IP for both host VM's.
But after adding the NAT Gateway, the connection was lost to the Azure Virtual Desktop vm's. I have restarted both VM's, but it not solved the problem. I can reach the VM's with RDP from another server in Azure (different subnet). I can ping internal IP addresses from the two Azure Virtual Desktop vm's, but pinging external IP addresses will fail (like ping 8.8.8.8).

I have no idea what's going wrong, all the manuals I found about configure NAT Gateway were prety straight forward..

GitaraniSharma-MSFT 50,021 Reputation points Microsoft Employee Moderator

2022-04-20T10:32:14.123+00:00

Hello @Koos van Duijvenbode ,

Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

Virtual Network NAT gateway supports IPv4 UDP and TCP protocols. ICMP is not supported and is expected to fail.
Refer : https://learn.microsoft.com/en-us/azure/virtual-network/nat-gateway/troubleshoot-nat#how-to-validate-connectivity

Please test internet connectivity by using a TCP ping tool such as psping etc.

Also, when you say "after adding the NAT Gateway, the connection was lost to the Azure Virtual Desktop vm's", how was the connection established before adding the NAT gateway?
Is it via RDP?
And from where you have established this connection?
Are you using an instance level Public IP on the VM for inbound connections/RDP?

Regards,
Gita

3 answers

Your answer

GitaraniSharma-MSFT 50,021 Reputation points Microsoft Employee Moderator

2022-04-20T10:32:14.123+00:00

Hello @Koos van Duijvenbode ,

Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

Virtual Network NAT gateway supports IPv4 UDP and TCP protocols. ICMP is not supported and is expected to fail.
Refer : https://learn.microsoft.com/en-us/azure/virtual-network/nat-gateway/troubleshoot-nat#how-to-validate-connectivity

Please test internet connectivity by using a TCP ping tool such as psping etc.

Also, when you say "after adding the NAT Gateway, the connection was lost to the Azure Virtual Desktop vm's", how was the connection established before adding the NAT gateway?
Is it via RDP?
And from where you have established this connection?
Are you using an instance level Public IP on the VM for inbound connections/RDP?

Regards,
Gita

Answer 1

Luis Rodriguez 6,226 Microsoft Employee

Hello @Koos van Duijvenbode

Can you please check that there are no NSG rules or UDRs applied to that subnet that could be blocking NAT gateway from directing traffic outbound to the internet?

More info:
https://learn.microsoft.com/en-us/azure/virtual-network/nat-gateway/troubleshoot-nat#common-connection-issues-with-nat-gateway
https://learn.microsoft.com/en-us/azure/virtual-network/nat-gateway/nat-overview#virtual-network-nat-basics

I hope this helps!

----------

Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

Koos van Duijvenbode 1 Reputation point

2022-04-19T21:01:19.823+00:00

So far I understand, not. I have just a default NSG attached:

I tried also without a NSG. But same problem...
Luis Rodriguez 6,226 Reputation points Microsoft Employee

2022-04-20T00:23:12.083+00:00

Thanks for the reply,

Could you test the Internet connection for one of the AVD hosts towards an external destination (8.8.8.8 over TCP 443, for example) instead ICMP using Network Watcher Connection Troubleshoot?
For reference: https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-connectivity-portal

If the connection is blocked I would suggest, just for testing purposes, to deploy a new VM in a new subnet, connect it to the NAT Gateway and check if the connection works in this scenario.

This should help to identify where the issue is.
Koos van Duijvenbode 1 Reputation point

2022-04-20T06:27:14.137+00:00

Thanks, i will try this in the evening, I cannot test it in office time, because the AVD will be offline.
Luis Rodriguez 6,226 Reputation points Microsoft Employee

2022-04-20T11:50:38.75+00:00

Thanks @Koos van Duijvenbode , as Gita suggested please generate TCP or UDP traffic as NAT Gateway does support ICMP

Answer 2

risolis 8,741

Hello @Koos van Duijvenbode

I would like to make a small comment and contribute something for what @Luis Rodriguez gathered before....

Based on what you provided above... So, you have 2 VMs and you added NAT GW in order to have them being accessible from one Public IP address. Please correct me if I am mistaken.

VM-1 and VM-2 are on different Subnets( Subnet1 and Subnet2) and then to have their traffic being NAT on this Public IP to Internet....

Koos van Duijvenbode 1 Reputation point

2022-04-20T06:25:09.497+00:00

Hi,

For the complete picture:

VNET01-SUBNET01
Domain Controller
Application Server

VNET01-SUBNET02
Azure Virtual Desktop 01
Azure Virtual Desktop 02

I added the NAT GW to SUBNET02, both VM's in SUBNET02 goes offline. But both are reachable from SUBNET01.
risolis 8,741 Reputation points

2022-04-20T06:45:35.587+00:00

Are you trying to ping/RDP them from internet to this public IP?

Have you checked the IP table from the VM at their NIC's?
Koos van Duijvenbode 1 Reputation point

2022-04-20T12:07:11.297+00:00

No, I try to ping the internet from the VM. But I cannot browse to anything and the both hostservers are offline in AVD.

Answer 3

Koos van Duijvenbode 1

Shoot me, I configured the NAT GW this evening again to troubleshoot. But guess what, this time the VM went offline for a few seconds and came back with his NAT GW IP address... I didn't change anything.

So, it solved itself...

Thanks for the help :)

risolis 8,741 Reputation points

2022-04-20T22:02:02.98+00:00

No way hehehe.

Thanks a lot for your feedback!
Luis Rodriguez 6,226 Reputation points Microsoft Employee

2022-04-20T22:29:28.487+00:00

Thanks to you for letting us know
GitaraniSharma-MSFT 50,021 Reputation points Microsoft Employee Moderator

2022-04-21T05:59:38.557+00:00

Thank you for the update, @Koos van Duijvenbode . Glad to hear that the issue is resolved.

Share via

No internet after adding NAT gateway

3 answers

Your answer