question

BalaguruKrishnamoorthy-9770 avatar image
0 Votes"
BalaguruKrishnamoorthy-9770 asked BalaguruKrishnamoorthy-3840 commented

Site to site VPN tunnel in Azure virtual WAN

We need to build a tunnel between on premise device with Azure using Virtual WAN network gateway, but we need to double nat subnet on both locations( to hide both VNET subnet as well as on premise internal subnets).It seems VPN gateway does not support port address translation to use single NAT IP. Is there any other option to achieve it.

azure-vpn-gatewayazure-virtual-wan
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

SaiKishor-MSFT avatar image
0 Votes"
SaiKishor-MSFT answered BalaguruKrishnamoorthy-3840 commented

@BalaguruKrishnamoorthy-9770 Thank you for reaching out to Microsoft Q&A. I understand that you want to NAT traffic on both sides of the VPN i.e. on Azure as well as On-premise sides. Azure VPN Gateway supports only 1:1 NAT rules. It does not support Port Address Translation or PAT. If you want to implement PAT on Azure side, I would suggest you to go with a 3rd party VPN solution on Azure Marketplace such as VNS3. Hope this helps.

Please let us know if you have any further questions and we will be glad to assist you further. Thank you!

Remember:

Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

Want a reminder to come back and check responses? Here is how to subscribe to a notification.


· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

can we use VM series Palo alto firewall for site to site termination with Port address translation capability. i don't find in the list provided from marketplace.

0 Votes 0 ·
SaiKishor-MSFT avatar image SaiKishor-MSFT BalaguruKrishnamoorthy-9770 ·

@BalaguruKrishnamoorthy-9770 It should be possible to implement Palo Alto Firewall in Azure and implement PAT using the same. However, it is best to talk to Paloalto support regarding the same. Hope this helps. Thank you!

Please let us know if you have any further questions and we will be glad to assist you further. Thank you!

Remember:

Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

Want a reminder to come back and check responses? Here is how to subscribe to a notification.



0 Votes 0 ·

TThanks for your advise, i will check with PA.

0 Votes 0 ·