Configure internet access with Azure Virtual NAT
- 6 minutes
Azure NAT Gateway is a fully managed Network Address Translation (NAT) service that provides secure, scalable outbound connectivity from a subnet to the internet. NAT Gateway is the recommended method for outbound connectivity in Azure.
NAT Gateway SKUs
Azure NAT gateway is available in two SKUs.
| Feature | Standard | StandardV2 |
|---|---|---|
| Availability zone | Zonal (single zone) | Zone-redundant (all zones) |
| IPv6 support | No | Yes |
| Maximum throughput | 50 Gbps | 100 Gbps |
| Flow logs | No | Yes |
NAT Gateway usage scenario
The following diagram shows outbound traffic flow from Subnet 1 through the NAT gateway to be mapped to a Public IP address or a Public IP prefix.
After NAT is configured, all UDP and TCP outbound flows from any virtual machine instance will use NAT for internet connectivity. No further configuration is necessary, and you don’t need to create any user-defined routes. NAT takes precedence over other outbound scenarios and replaces the default Internet destination of a subnet.
NAT scales automatically to support dynamic workloads. NAT can support up to 16 public IP addresses. By using port network address translation (PNAT or PAT), NAT provides up to 64,000 concurrent flows for UDP and TCP.
Considerations for NAT Gateway
- Standard NAT gateway supports IPv4 only.
- StandardV2 NAT gateway supports both IPv4 and IPv6 public IP addresses and prefixes.
- NAT can't span multiple virtual networks.