![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 33%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3E5%3C/text%3E%3C/svg%3E)
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,543 questions
@56789 ,
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
From your verbatim,
- You have an Static EgressNAT that translates 10.180.10.1/32 (Original Azure IP) to 2.2.2.2/32
- Traffic is always initiated from OnPrem to 2.2.2.2/32 (Translated IP)
- You have a new requirement to translate 10.180.10.2/27 to 4.4.4.4/32
- This time, the Original Azure IP is a range (/27) and Translated IP is a single IP (/32).
- And hence, you intend on using a Dynamic Rule
From the docs,
- About NAT on Azure VPN Gateway and
- NAT on VPN FAQ
- I don't see any limitation that a single Connection cannot have both Static Rule and Dynamic Rule
- Only thing to note here is that When Dynamic NAT rules are used, traffic is unidirectional which means communication must be initiated from the site that is represented in the Internal Mapping field of the rule.
- This means, Azure should be the one initiating the connection and not OnPrem
- See : NAT type: static & dynamic
Hope this helps.
Should you face any problems, please do let me know
Cheers,
Kapil