Expressroute NAT options
I am about to get an ExpressRoute connection put in from a customer network with a fixed set of IPv4 addresses, let's say 10.253.253.64/27. I need to map specific IP addresses from this range to different services in different subscriptions with their own Virtual networks.
I will have the ExpressRoute connection in its own Subscription "ER" (Virtual network address space 192.168.3.0/23) and the services in other separate subscriptions "SUB1" (Virtual network address space 192.168.100.0/23) and "SUB2" (Virtual network address space 192.168.200.0/23).
1) When configuring Azure Private peering in ExpressRoute I would expect to get the ASN and VLAN from the provider, but do I use 2 smaller subnets of the 10.253.253.64/27 range in the Azure primary and secondary subnet or other completely different private subnets?
2) Once I have peered the Virtual networks into the ER address space they show up under peered virtual network address space in the ER Virtual network address space.
3) I can connect outbound through ExpressRoute from VM1 (192.168.100.194) on SUB1 and VM2 (192.168.200.194) on SUB2.
4) How do I NAT 10.253.253.70 inbound to VM1 192.168.100.194 and NAT 10.253.253.71 to VM2 192.168.200.194 on Port 3389?
If it needs Azure Firewall to do this, do I put it in the ER SUB or a firewall in each of the SUB1 and SUB2 subscriptions?
Yes, take a look at this:
https://learn.microsoft.com/en-us/azure/expressroute/expressroute-config-samples-nat
- Joe_Bloggs15, Copper Contributor
Hi,
I looked at that but assumed this is the customer side of the ExpressRoute, which I have no access to, and they have also said they won't do any NAT on their side.
I have to do the NAT from within Azure.