Private NAT for VM outbound to on prem
If an Azure VM sits in a VNet (call it app-vnet) peered with a VNet that's VPN-connected (call it vpn-vnet) to on-prem, and the VM needs to establish connectivity with an on-prem VM, a NAT gateway cannot SNAT the traffic from app-vnet using an IP from vpn-vnet, since the only kind of outbound IP a NAT gateway can use is a public IP.
I actually don't know what Azure solution could SNAT from a VNet using a private outbound IP of another VNet... Azure Firewall maybe?
Thank you for your feedback. We will take a look at this scenario.
Aamir Hussain commented
Any update on this? We have the same scenario, where we have an app (call it App1) which is connecting to an FTP server through a NAT gateway (using a public IP) and another app (call it App2) within the same App Service plan (call it ASP1) connected to the on-premises network (VPN-connected). If I connect the NAT gateway, my App1 works but App2 stops, and if I remove the NAT gateway, my App2 runs and App1 works. I can't create two VNets.
Jaroslav Jindrich commented
We have the same request: have AKS behind NAT.
Rune Myrhaug commented
Yes, Azure Firewall is a solution in this case. But that is an expensive solution!
AKS (Azure Kubernetes Service) is a use case where a NAT gateway with support for private IPs is needed, because AKS best practice is to use big CIDRs (/16) and we don't want to use our reserved internal IP ranges for this.