AZ-700 Microsoft Azure Networking Solutions - Virtual NAT

  1. Create a Virtual NAT

In this video, we’re going to talk about the concept of a NAT gateway. NAT stands for Network Address Translation and is primarily used to provide outbound-to-Internet connectivity for virtual networks. What this means is that you can have your virtual machines that have private IP addresses connect to the Internet over a known and predetermined IP address. You could assign your virtual machines a public IP address, and that’s the IP they will use to communicate. You could put your VMs behind a load balancer, which has a public IP, and that would be used for communication. But if you’ve got private virtual machines that don’t have a public IP address, you basically don’t have any way to allow that machine to have private access through a firewall to another network without approving a whole wide range of Azure outbound addresses.

So effectively, what we’re doing is having a predetermined static address for outbound access from private virtual machines. To create a NAT gateway, we go into the marketplace and search for NAT gateway. You’ll find it. We’re going to create one, put it into our existing resource group, give it a name, and keep it in the same region. This does support Availability Zones, but we’re not using a region that has Availability Zones. And the question here is, how long do we want the NAT gateway to keep idle flows alive? You can basically disconnect those connections after four minutes; the value is between four and 120. On this page, we’re going to create a new IP address. Now, I could reuse my existing IP that I use for my application gateway, but let’s just use one for this, my NAT. Say OK. So this is, as we saw, a static IP address.

That means that it’s going to be basically given to me, and I can be sure that it’s not going to change. It’s not dynamic. Now, as soon as I associate this with a virtual network and the subnet, all traffic from that subnet is going to be directed through this NAT. So I don’t get the front end tier, because it does have a public IP address associated with it, but I can choose my mid tier, which is the private tier of my solution. I do have a couple of VMs in this tier, I believe. And so this is what’s going to be assigned to this NAT gateway. And we’ll just click the Review and Create and the Create button. All right, so the NAT gateway has been created. Now we go to our virtual network, and we use the application tier, the mid tier. And what we’re going to find is that any devices that are attached to this mid tier are going to use this IP address.

So let’s go back up here to the resource group and choose the NAT gateway. We do have a public IP address. This is the address that anything attached to the mid tier is going to use to connect to the Internet. I’m just going to start my VMs here in the mid tier. Now, since my mid tier server has a private IP address only, I’m going to have to do my trick that I did before, which is remote into another VM and then remote into the private VM. I could also have a Bastion service, which we haven’t talked about in this course, but this is basically using my front end as a jump box. So I’ve started the front end, I can connect. Now I’m remoted into the front end server. Now I’m going to remote into the mid tier server.

And we did all that just so that we can test the IP address of the mid tier server as it reaches the public Internet. So this mid tier server is 100 68 on the private IP address. Let’s just put this to the side for a second. 1068 private. It doesn’t have a public. What we are expecting here is that if we look at our NAT, the address is 1364 50 78. So what I want to do is go into here, and we’re going to go to one of those websites that tells you your IP address. So whatismyip.com, probably full of viruses but whatever. Come on. Come on. Internet Explorer. All right, so our public IP address from this private server matches the NAT. So we successfully created a device that maintains one or more of these static IP addresses that our private infrastructure can use to connect to the Internet. And that’s called a NAT gateway.
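
The portal steps in this walkthrough, expressed as Azure CLI commands. This is an added example, not part of the original video; every resource name and the region are placeholders (assumptions), and the script only prints the commands unless `DRY_RUN=0` is set.

```shell
#!/usr/bin/env bash
# Added example: Azure CLI equivalent of the portal walkthrough.
# All names below are placeholders (assumptions), not values from the video.
set -eu

RG="${RG:-example-rg}"            # existing resource group (placeholder)
LOCATION="${LOCATION:-westus}"    # same region as the virtual network (placeholder)
VNET="${VNET:-example-vnet}"      # existing virtual network (placeholder)
SUBNET="${SUBNET:-midtier}"       # private subnet with no public IPs (placeholder)
NATGW="${NATGW:-example-natgw}"   # NAT gateway name (placeholder)
PIP="${PIP:-example-natgw-pip}"   # public IP resource name (placeholder)
IDLE_TIMEOUT="${IDLE_TIMEOUT:-4}" # minutes to keep idle flows
DRY_RUN="${DRY_RUN:-1}"           # 1 = print the az commands, 0 = execute them

# The idle timeout must be a whole number of minutes from 4 to 120.
valid_idle_timeout() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 4 ] && [ "$1" -le 120 ]
}

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

create_nat_gateway() {
  valid_idle_timeout "$IDLE_TIMEOUT" || { echo "idle timeout must be 4-120" >&2; return 1; }
  # Static public IP: the known, predetermined outbound address.
  run az network public-ip create --resource-group "$RG" --name "$PIP" \
    --location "$LOCATION" --sku Standard --allocation-method Static
  run az network nat gateway create --resource-group "$RG" --name "$NATGW" \
    --location "$LOCATION" --public-ip-addresses "$PIP" --idle-timeout "$IDLE_TIMEOUT"
  # Associating the subnet directs its outbound traffic through the gateway.
  run az network vnet subnet update --resource-group "$RG" --vnet-name "$VNET" \
    --name "$SUBNET" --nat-gateway "$NATGW"
}

# Compare the address a private VM reports as its public IP (arg 1)
# with the NAT gateway's public IP (arg 2); an empty value never matches.
egress_matches() {
  [ -n "$1" ] && [ "$1" = "$2" ]
}

create_nat_gateway
```

After a real run, `az network public-ip show --resource-group "$RG" --name "$PIP" --query ipAddress --output tsv` returns the address that the mid tier VM should report when it checks its public IP.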
