Azure Nat Configuration


L1 Bithead

With the NAT VM no longer being required, and since you can assign a public address to NIC1, I have a question on the NAT process concerning only connectivity from resources to the internet. Do you need to configure a source NAT policy, or do you just forward traffic to 0.0.0.0/0 via a static route to the .1 address of the subnet on NIC1 and the Azure environment will do the translation? It is my understanding you only assign the public IP address to the VM NIC and do not assign this to an interface within the Palo Alto configuration?

Thanks,

Steve

2 REPLIES

L2 Linker

Steve,

   For outbound, just add a static route that forwards traffic as you suggest. I *think* you can just forward it to eth1/1 (and not mention the IP address of the subnet) of the fw -- assuming eth1/1 is what NIC1 is connected to.

 

The NIC in Azure has the public IP and the firewall doesn't even see it. It only sees the private address.

I was not able to get this to work without putting a source NAT policy in, and after I put that in, internet access is available.

nat-type ipv4;
from trust;
source any;
to INTERNET;
to-interface ethernet1/1 ;
destination any;
service any/any/any;
translate-to "src: ethernet1/1 x.x.x.x (dynamic-ip-and-port) (pool idx: 1)";
