question

MichelangeloStillante-5603 avatar image
0 Votes"
MichelangeloStillante-5603 asked ·

Azure VPN - Overlapping networks

@GitaraniSharmaMSFT-4262

hi Sharma
i'm very sorry with boring you, maybe, but would like to have a clear idea about this.....

you said....
"... When using a virtual network as part of a cross-premises architecture, you need to make sure to carve out an IP address range that you can use specifically for this virtual network. If a duplicate address range exists on both sides of the VPN connection, traffic will route in an unexpected way. Azure VPN Gateway will NOT perform any NAT-like functionality on the inner packets to/from the IPsec tunnels and hence you can't have overlapping IP address ranges between Azure & local sites. ...... So to answer your query in simple terms: Why between two customers NOT using Azure this is possible : 3rd party VPN devices support NAT, hence this is possible. Why between two customers using Azure this is NOT possible : Azure VPN gateway doesn't support NAT, hence this is not possible. Kindly let us know if the above helps or you need further assistance on this issue. Please "Accept the answer" if the information helped you. This will help us and others in the community as well."

ok i understood that is not possible do it. as you said "....traffic will route in an unexpected way... ". ok i understood and have to accept it

but.... if this is possible for outside Azure, Why this is not possible inside Azure? Why Azure doesn't support NAT ?
is there a technical reason ?
security reason ?
technology limit ?
market strategy?

hope to be clear and once again sorry for pushing about a more technical answer

thks very much.
have a nice day, wonderful weekend
regards

/michelangelo

azure-virtual-network
· 1
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @MichelangeloStillante-5603 ,

Thank you for reaching out. I am fine and I hope you are as well.

Coming to your query, I'm not sure if we have a simple explanation (excluding the in depth architecture & stuff) to provide on why NAT isn't supported on Azure VPN gateway but let me check with the Product group team and get back to you on that.

However, I would like to inform you that this limitation is going to end soon. NAT support on Azure VPN gateway is in works and will be released soon as Public preview for use.

Thanks,
Gita

0 Votes 0 ·

1 Answer

GitaraniSharmaMSFT-4262 avatar image
0 Votes"
GitaraniSharmaMSFT-4262 answered ·

Hello @MichelangeloStillante-5603 ,

I spoke to the Azure VPN Product Group team and below is what they have to say on why NAT was not supported by Azure VPN:

"Given finite resources, we have to prioritize the features that we can deliver. We have a long list of features and enhancements that we want to deliver so we go by the popularity of the customer ask."

And on popular demand, this feature is now going to be released soon. The approx. ETA for the Public preview of NAT support on Azure VPN would be a couple of months from now.

Kindly let us know if the above helps or you need further assistance on this issue.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

· 2 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Dear Sharma,

you don't know how much i might thk you for your kindness and availability and proactivity.

thks very much
have a nice weekend

kindest regards

/michelangelo

0 Votes 0 ·
GitaraniSharmaMSFT-4262 avatar image GitaraniSharmaMSFT-4262 MichelangeloStillante-5603 ·

My pleasure & always happy to help @MichelangeloStillante-5603. You too have a great weekend :)

0 Votes 0 ·