Hi, today I want to talk to you about Azure Virtual Network NAT. This functionality allows us to simplify and unify outgoing Internet connectivity for virtual networks in Azure. It is configured at the subnet level, and all outbound connectivity uses a single specified public IP or a range of public IPs. This requires creating an Azure NAT gateway resource, which is part of Virtual Network NAT and provides outbound Internet connectivity to one or more subnets of a virtual network.

In this post, I will show you how to deploy an Azure NAT gateway using PowerShell and Azure CLI.

Features and limitations:

  • The public IPs used in the subnet must be of the Standard SKU.
  • Supports a maximum of 16 public IPs.
  • Only Standard SKU load balancers are compatible.
  • By default, a TCP inactivity timeout of 4 minutes is set, but it can be increased to 120 minutes.
  • When using availability zones, NAT can be implemented and isolated at the zone level.
  • The NAT data path has an SLA of 99.9%.

Important: if a VM in your subnet has its own public IP so that you can access the VM, that public IP address will not be used for outgoing connections.

Now that we have covered the characteristics of Azure Virtual Network NAT, we can begin this tutorial.

Prerequisites

  • You created a Resource Group for these resources and the new ones deployed in this tutorial will join that group. If you want to know how to create a Resource Group, check out this link.
  • You already created the necessary Virtual Network and subnet. If you want to know how to create a Virtual Network, check out this link.

Azure PowerShell Workaround

If you want to know how to install the PowerShell Azure module on your machine, check out this link.

The simplest way to get started is to sign in interactively at the command line.

This cmdlet will bring up a dialog box prompting you for your email address and password associated with your Azure account.

If you have more than one subscription associated with your mail account, you can choose the default subscription. To perform this task, we will use the following commands:

Once you set your default subscription, you’re ready to start.

Set the variables

Here, we define the characteristics of our environment and the resource’s properties.

Create a public IP address

To create a public IP address, you must use the New-AzPublicIpAddress cmdlet with the following syntax.

Get-AzPublicIpAddress

Create a public IP address prefix

If you want to use an IP address prefix, you should use the New-AzPublicIpPrefix cmdlet with the following syntax.

Get-AzPublicIpPrefix

Create an Azure NAT gateway

In this section, you will create an Azure NAT gateway using the New-AzNatGateway cmdlet. Here you can use the public IP and/or the range of IPs that we have previously created.

Associate the subnet to Azure NAT gateway

Finally, we associate the NAT Gateway resource with the desired subnet. To do this, we first check that the subnet is not already associated with another NAT Gateway.

Get-AzVirtualNetworkSubnetConfig

Then, using the following commands, we associate the NAT gateway with the desired subnet; in this example, the “Default” subnet.

Verify the deployment

You can use the following command to verify the implementation of the NAT Gateway.
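The PowerShell steps above, put together as one script. This is an added example, not the original post's code: the subscription placeholder, resource names, location, /31 prefix length and 10-minute idle timeout are assumptions; only the cmdlet names and the “Default” subnet come from the post.

```powershell
# Added example. All names and values are assumptions except the "Default" subnet.
$subscriptionId = '<subscription-id>'   # placeholder, replace with your own
$rgName     = 'rg-nat-demo'             # existing resource group (prerequisite)
$vnetName   = 'vnet-nat-demo'           # existing virtual network (prerequisite)
$location   = 'westeurope'
$subnetName = 'Default'
$natName    = 'natgw-demo'

# Sign in interactively, then pin the subscription the script works in.
Connect-AzAccount | Out-Null
Set-AzContext -Subscription $subscriptionId | Out-Null

# Standard SKU public IP (Standard SKU addresses are always statically allocated).
$pip = New-AzPublicIpAddress -Name 'pip-nat-demo' -ResourceGroupName $rgName `
    -Location $location -Sku Standard -AllocationMethod Static

# Public IP prefix: a /31 reserves two contiguous addresses.
$prefix = New-AzPublicIpPrefix -Name 'ippre-nat-demo' -ResourceGroupName $rgName `
    -Location $location -PrefixLength 31

# NAT gateway using both the single IP and the prefix (3 of the 16 allowed IPs).
$nat = New-AzNatGateway -Name $natName -ResourceGroupName $rgName -Location $location `
    -Sku Standard -IdleTimeoutInMinutes 10 -PublicIpAddress $pip -PublicIpPrefix $prefix

# Refuse to continue if the subnet already egresses through another NAT gateway.
$vnet   = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgName
$subnet = Get-AzVirtualNetworkSubnetConfig -Name $subnetName -VirtualNetwork $vnet
if ($subnet.NatGateway) {
    throw "Subnet '$subnetName' is already associated with $($subnet.NatGateway.Id)"
}

# Set only the NatGateway property so the subnet's other settings stay as they are,
# then push the updated virtual network back to Azure.
$subnet.NatGateway = $nat
$vnet | Set-AzVirtualNetwork | Out-Null

# Verify: gateway state, attached subnets, and the egress addresses to allow-list.
$check = Get-AzNatGateway -Name $natName -ResourceGroupName $rgName
$check | Select-Object Name, ProvisioningState, IdleTimeoutInMinutes
$check.Subnets.Id
(Get-AzPublicIpAddress -Name $pip.Name -ResourceGroupName $rgName).IpAddress
(Get-AzPublicIpPrefix -Name $prefix.Name -ResourceGroupName $rgName).IPPrefix
```

The last two values are the only source addresses the subnet's outbound traffic will use, which is what downstream firewalls and partner allow-lists need.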

Azure CLI Workaround

In this case, we will use Azure Cloud Shell, a browser-based shell built into Azure Portal. This allows us to use the Azure command-line tools (Azure CLI and Azure PowerShell) directly from a browser. If you want to know more about Azure Cloud Shell, check out this link.

First, declare the variables of the resource group and define the name of the public IP prefix that will be created in the next step.

Create a public IP address

To create a public IP address, you must use the following command.

Create a public IP address prefix

If you want to use an IP address prefix, you should use the following command.

Create an Azure NAT gateway

In this section, you will create an Azure NAT gateway. Here you can use the public IP and/or the range of IPs that we have previously created.

Associate the subnet to Azure NAT gateway

Finally, we associate the NAT Gateway resource with the desired subnet.

Verify the deployment

You can use the following command to verify the deployment.

Thanks for reading my post. I hope you find it useful.

If you want to know more about Azure Virtual Network NAT, check out this link: https://docs.microsoft.com/en-us/azure/virtual-network/nat-overview