Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
In this tutorial, you learn how to migrate your outbound connectivity from default outbound access to a NAT gateway.
You learn how to change your outbound connectivity from load balancer outbound rules to a NAT gateway. You reuse the IP address from the outbound rule configuration for the NAT gateway.
Azure NAT Gateway is the recommended method for outbound connectivity. A NAT gateway is a fully managed and highly resilient Network Address Translation (NAT) service. A NAT gateway doesn't have the same limitations of Source Network Address Translation (SNAT) port exhaustion as default outbound access. A NAT gateway replaces the need for outbound rules in a load balancer for outbound connectivity.
For more information about Azure NAT Gateway, see What is Azure NAT Gateway?
In this tutorial, you learn how to:
- Migrate default outbound access to a NAT gateway.
- Migrate load balancer outbound connectivity and IP address to a NAT gateway.
Prerequisites
An Azure account with an active subscription. Create an account for free.
A standard public load balancer in your subscription. The load balancer must have a separate frontend IP address and outbound rules configured. For more information on creating an Azure Load Balancer, see Quickstart: Create a public load balancer to load balance virtual machines using the Azure portal.
- The load balancer name used in the examples is load-balancer.
Note
Azure NAT Gateway provides outbound connectivity for standard internal load balancers. For more information on integrating a NAT gateway with your internal load balancers, see Tutorial: Integrate a NAT gateway with an internal load balancer using Azure portal.
Create a resource group
Create a resource group to contain all resources for this tutorial.
Sign in to the Azure portal.
In the search box at the top of the portal enter Resource group. Select Resource groups in the search results.
Select + Create.
In the Basics tab of Create a resource group, enter, or select the following information.
Setting Value Subscription Select your subscription Resource group test-rg Region East US 2 Select Review + create.
Select Create.
Migrate default outbound access
In this section, you learn how to change your outbound connectivity method from default outbound access to a NAT gateway.
In the search box at the top of the Azure portal, enter Public IP address. Select Public IP addresses in the search results.
Select Create.
Enter the following information in Create public IP address.
Setting Value Subscription Select your subscription. Resource group Select your resource group. The example uses test-rg. Region Select a region. This example uses East US 2. Name Enter public-ip-nat. IP version Select IPv4. SKU Select Standard. Availability zone Select Zone-redundant. Tier Select Regional. Select Review + create and then select Create.
In the search box at the top of the Azure portal, enter NAT gateway. Select NAT gateways in the search results.
Select Create.
Enter or select the following information in the Basics tab of Create network address translation (NAT) gateway.
Setting Value Project details Subscription Select your subscription. Resource group Select test-rg or your resource group. Instance details NAT gateway name Enter nat-gateway. Region Select your region. This example uses East US 2. SKU Select Standard. TCP idle timeout (minutes) Leave the default of 4. Select Next.
In the Outbound IP tab, select + Add public IP addresses or prefixes.
In Add public IP addresses or prefixes, select Public IP addresses. Select the public IP address you created earlier, public-ip-nat.
Select Next.
In the Networking tab, in Virtual network, select your virtual network. In this example, it's test-rg.
Leave the checkbox for Default to all subnets unchecked.
In Select specific subnets, select your subnet. In this example, it's subnet-1.
Select Review + create, then select Create.
Migrate load balancer outbound connectivity
In this section, you learn how to change your outbound connectivity method from outbound rules to a NAT gateway. You keep the same frontend IP address used for the outbound rules. You remove the outbound rule’s frontend IP configuration then create a NAT gateway with the same frontend IP address. A public load balancer is used throughout this section.
Remove outbound rule frontend IP configuration
You remove the outbound rule and the associated frontend IP configuration from your load balancer. The load balancer name used in this example is load-balancer.
In the search box at the top of the portal, enter Load balancer. Select Load balancers in the search results.
Select load-balancer or your load balancer.
Expand Settings. Select Frontend IP configuration.
Note the IP address in Frontend IP configuration that you wish to migrate to a NAT gateway. You'll need this information in the next section. In this example, it's frontend-ip-outbound.
Select Delete next to the IP configuration you wish to remove. In this example, it's frontend-ip-outbound.
Select Delete.
In Delete frontend-ip-outbound, select the check box next to I have read and understood that this frontend IP configuration as well as the associated resources listed above will be deleted.
Select Delete. This procedure deletes the frontend IP configuration and the outbound rule associated with the frontend.
Create NAT gateway
In this section, you create a NAT gateway with the IP address previously used for outbound rule and assign it to your precreated subnet within your virtual network. The subnet name for this example is subnet-1.
In the search box at the top of the Azure portal, enter NAT gateway. Select NAT gateways in the search results.
Select Create.
Enter or select the following information in the Basics tab of Create network address translation (NAT) gateway.
Setting Value Project details Subscription Select your subscription. Resource group Select test-rg or your resource group. Instance details NAT gateway name Enter nat-gateway. Region Select your region. This example uses East US 2. SKU Select Standard. TCP idle timeout (minutes) Leave the default of 4. Select Next.
In the Outbound IP tab, select + Add public IP addresses or prefixes.
In Add public IP addresses or prefixes, select Public IP addresses. Select the public IP address you removed from the load balancer in the previous steps. In this example, it's public-ip-outbound.
Select Next.
In the Networking tab, in Virtual network, select your virtual network. In this example, it's test-rg.
Leave the checkbox for Default to all subnets unchecked.
In Select specific subnets, select your subnet. In this example, it's subnet-1.
Select Review + create, then select Create.
Next steps
In this article, you learned how to:
Migrate default outbound access to a NAT gateway.
Migrate load balancer outbound connectivity and IP address to a NAT gateway.
For more information about NAT gateway and the connectivity benefits it provides, see Design virtual networks with NAT gateway.
Advance to the next article to learn how to integrate a NAT gateway with a public load balancer: