Hi, today I want to talk to you about Azure Virtual Network NAT. This functionality allows us to simplify and unify outbound Internet connectivity for virtual networks in Azure. It is configured at the subnet level, and all outbound connectivity uses a single specified public IP or a range of public IPs. This requires the creation of an Azure NAT gateway resource, which is part of Virtual Network NAT and provides outbound Internet connectivity to one or more subnets of a virtual network. In this post, I will show you how to deploy an Azure NAT gateway using PowerShell and Azure CLI.
The public IPs used in the subnet must be of the Standard SKU.
Supports a maximum of 16 public IPs.
Only Standard SKU load balancers are compatible.
By default, a TCP inactivity timeout of 4 minutes is set, but it can be increased to 120 minutes.
When using availability zones, NAT can be implemented and isolated at the zone level.
The NAT data path has an SLA of 99.9%.
Important: if a VM in your subnet has a public IP that allows you to access the VM, that public IP address will not be used for outgoing connections. Now that the characteristics of Azure Virtual Network NAT have been explained, we can begin this tutorial.
Prerequisites
You created a Resource Group for these resources and the new ones deployed in this tutorial will join that group. If you want to know how to create a Resource Group, check out this link.
You already created the necessary Virtual Network and subnet. If you want to know how to create a Virtual Network, check out this link.
If you want to know how to install the PowerShell Azure module on your machine, check out this link.
The simplest way to get started is to sign in interactively at the command line.
Connect-AzAccount
This cmdlet will bring up a dialog box prompting you for your email address and password associated with your Azure account. If you have more than one subscription associated with your mail account, you can choose the default subscription. To perform this task, we will use the following commands:
In this section, you will create an Azure NAT gateway using the New-AzNatGateway cmdlet. Here you can use the public IP and/or the range of IPs that we have previously created.
Finally, we associate the NAT Gateway resource with the desired subnet. To do this, we first check that the subnet is not already associated with another NAT Gateway.
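The PowerShell steps described above, sketched as an added example (these are not the original post's commands). The resource names, region, prefix length and idle timeout are placeholder assumptions, and the resource group, virtual network and subnet are assumed to exist already.

```powershell
# Added example: every name and value in this block is a placeholder (assumption).
$rg         = 'rg-nat-demo'
$location   = 'westeurope'
$vnetName   = 'vnet-demo'
$subnetName = 'snet-workload'

# Outbound addresses: a Standard SKU static public IP and a public IP prefix (/31 = 2 addresses).
$pip = New-AzPublicIpAddress -Name 'pip-nat' -ResourceGroupName $rg -Location $location `
    -Sku Standard -AllocationMethod Static
$prefix = New-AzPublicIpPrefix -Name 'ippre-nat' -ResourceGroupName $rg -Location $location `
    -PrefixLength 31

# NAT gateway using the public IP and the prefix.
# The TCP idle timeout defaults to 4 minutes and can be raised up to 120.
$nat = New-AzNatGateway -Name 'natgw-demo' -ResourceGroupName $rg -Location $location `
    -Sku Standard -IdleTimeoutInMinutes 10 -PublicIpAddress $pip -PublicIpPrefix $prefix

# Load the existing subnet and refuse to overwrite a different NAT gateway association.
$vnet   = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rg
$subnet = Get-AzVirtualNetworkSubnetConfig -Name $subnetName -VirtualNetwork $vnet
if ($subnet.NatGateway -and $subnet.NatGateway.Id -ne $nat.Id) {
    throw "Subnet '$subnetName' is already associated with NAT gateway $($subnet.NatGateway.Id)"
}

# Associate the NAT gateway with the subnet, keeping its address prefix, and save the change.
Set-AzVirtualNetworkSubnetConfig -Name $subnetName -VirtualNetwork $vnet `
    -AddressPrefix $subnet.AddressPrefix -NatGateway $nat |
    Set-AzVirtualNetwork | Out-Null

# Read the subnet back and confirm the association took effect.
$check = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rg |
    Get-AzVirtualNetworkSubnetConfig -Name $subnetName
if ($check.NatGateway.Id -ne $nat.Id) {
    throw "NAT gateway was not associated with subnet '$subnetName'"
}

# The addresses all outbound traffic from this subnet will now use
# (useful for allow-lists and for correlating egress in logs).
[pscustomobject]@{
    Subnet         = $subnetName
    NatGatewayId   = $check.NatGateway.Id
    PublicIp       = $pip.IpAddress
    PublicIpPrefix = $prefix.IPPrefix
}
```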
In this case, we will use Azure Cloud Shell, a browser-based shell built into Azure Portal. This allows us to use the Azure command-line tools (Azure CLI and Azure PowerShell) directly from a browser. If you want to know more about Azure Cloud Shell, check out this link.
First, declare the variables of the resource group and define the name of the public IP prefix that will be created in the next step.