Please make Site-to-Site VPN available for devices behind a NAT and not on public IP
Please make Site-to-Site VPN available for devices behind a router and not only public IP
Customer experience is not good due to frequent disconnects. At this time we will not be moving forward with this feature for that reason.
Hacker can do it, why not Azure officially?
Jamie Gruener commented
This is done all the time in other environments. Why is Azure unique?
Daniel Gonzalez commented
It would be very useful to support an FQDN. Then, the customer could configure a S2S VPN using a dynamic IP on premises based on Dynamic DNS...
Small business scenarios will be very thankful!
To allow/accept a dynamic IP from on-premises to the S2S Azure VPN; hope it can be set up without requiring a static public IP.
I'm sure Yushun wouldn't approve but this is how I achieved it using VyOS and an Azure static gateway (so there are limits). If these are SMBs, I'm sure they only have a single site anyway so a static gateway may suit them. VyOS is free, just needs somewhere on-premises to run a very small Linux distribution.
Thomas Lee commented
The 'it's under review' comment was over a year ago (which is a very long time in Azure terms!). Can we have some idea as to when the review will be over and we can create NAT-able VPNs? These things have been around for over a decade and are fully supported inside Windows Server 2012. It can't be THAT difficult - can it be?
This is actually entirely possible! I currently connect a Site-to-Site VPN across a number of subnets, a fixed IP, and finally connecting to a standard home ADSL link with dynamic IP and NAT,
all connecting via strongSwan / Linux - email me at - firstname.lastname@example.org
Thomas Lee commented
I'd like to be able to create a site-site VPN to connect my on premises net to Azure where the on premises network sits behind a NAT device. Can we have some other mechanism that, in particular, allows the on-premises network to sit behind a NAT/Firewall. Many of my SMB clients use some sort of ADSL, with their network behind the router/adsl device. NAT is practiced on almost all these devices, plus there is only one public IP address. It would be nice to use something that does not require the public IP address and forbids NAT devices.
We cannot get a public IP to our gateways (Cisco ASA) in some sites because the connectivity is provided by / shared from the owner of the property, so NAT traversal is crucial.
Also, the public IPs of these sites also change. Would it be possible to make site-to-site VPN possible from sites without a static public IP?
It will be great if that could be done.