Manage NAT gateway

Learn how to create and remove a NAT gateway resource from a virtual network subnet. A NAT gateway enables outbound connectivity for resources in an Azure Virtual Network. You can change the public IP addresses and public IP address prefixes associated with the NAT gateway changed after deployment.

This article explains how to manage the following aspects of NAT gateway:

  • Create a NAT gateway and associate it with an existing subnet.

  • Remove a NAT gateway from an existing subnet and delete the NAT gateway.

  • Add or remove a public IP address or public IP prefix.

Prerequisites

Create a NAT gateway and associate it with an existing subnet

You can create a NAT gateway resource and add it to an existing subnet by using the Azure portal, Azure PowerShell, Azure CLI, or Bicep.

  1. Sign-in to the Azure portal.

  2. In the search box at the top of the Azure portal, enter NAT gateway. Select NAT gateways in the search results.

  3. Select + Create.

  4. Enter or select the following information in the Basics tab of Create network address translation (NAT) gateway.

    Setting Value
    Project details
    Subscription Select your subscription.
    Resource group Select your resource group or select Create new to create a new resource group.
    Instance details
    NAT gateway name Enter nat-gateway.
    Region Select your region. This example uses China North 3.
    Availability zone Select No Zone. For more information about NAT gateway availability, see NAT gateway and availability zones.
    TCP idle timeout (minutes) Select the default of 4.
  5. Select the Outbound IP tab, or select Next: Outbound IP.

  6. You can select an existing public IP address or prefix or both to associate with the NAT gateway and enable outbound connectivity.

    • To create a new public IP for the NAT gateway, select Create a new public IP address. Enter public-ip-nat in Name. Select OK.

    • To create a new public IP prefix for the NAT gateway, select Create a new public IP prefix. Enter public-ip-prefix-nat in Name. Select a Prefix size. Select OK.

  7. Select the Subnet tab, or select Next: Subnet.

  8. Select your virtual network. In this example, select vnet-1 in the dropdown list.

  9. Select the checkbox next to subnet-1.

  10. Select Review + create.

  11. Select Create.

Remove a NAT gateway from an existing subnet and delete the resource

To remove a NAT gateway from an existing subnet, complete the following steps.

  1. Sign-in to the Azure portal.

  2. In the search box at the top of the Azure portal, enter NAT gateway. Select NAT gateways in the search results.

  3. Select nat-gateway.

  4. Under Settings, select Subnets.

  5. Select Disassociate to remove the NAT gateway from the configured subnet.

You can now associate the NAT gateway with a different subnet or virtual network in your subscription. To delete the NAT gateway resource, complete the following steps.

  1. In the search box at the top of the Azure portal, enter NAT gateway. Select NAT gateways in the search results.

  2. Select nat-gateway.

  3. Select Delete.

  4. Select Yes.

Note

When you delete a NAT gateway, the public IP address or prefix associated with it isn't deleted.

Add or remove a public IP address

Complete the following steps to add or remove a public IP address from a NAT gateway.

  1. Sign-in to the Azure portal.

  2. In the search box at the top of the Azure portal, enter Public IP address. Select Public IP addresses in the search results.

  3. Select Create.

  4. Enter the following information in Create public IP address.

    Setting Value
    Subscription Select your subscription.
    Resource group Select your resource group. The example uses test-rg.
    Region Select a region. This example uses China North 3.
    Name Enter public-ip-nat2.
    IP version Select IPv4.
    SKU Select Standard.
    Availability zone Select the default of Zone-redundant.
    Tier Select Regional.
  5. Select Review + create and then select Create.

  6. In the search box at the top of the Azure portal, enter NAT gateway. Select NAT gateways in the search results.

  7. Select nat-gateway.

  8. Under Settings, select Outbound IP.

  9. The IP addresses and prefixes associated with the NAT gateway are displayed. Next to Public IP addresses, select Change.

  10. Next to Public IP addresses, select the dropdown for IP addresses. Select the IP address that you created to add to the NAT gateway. To remove an address, unselect it.

  11. Select OK.

  12. Select Save.

Add or remove a public IP prefix

Complete the following steps to add or remove a public IP prefix from a NAT gateway.

  1. Sign-in to the Azure portal.

  2. In the search box at the top of the Azure portal, enter Public IP prefix. Select Public IP Prefixes in the search results.

  3. Select Create.

  4. Enter the following information in the Basics tab of Create a public IP prefix.

    Setting Value
    Project details
    Subscription Select your subscription.
    Resource group Select your resource group. This example uses test-rg.
    Instance details
    Name Enter public-ip-prefix-nat.
    Region Select your region. This example uses China North 3.
    IP version Select IPv4.
    Prefix size Select a prefix size. This example uses /28 (16 addresses).
  5. Select Review + create, then select Create.

  6. In the search box at the top of the Azure portal, enter NAT gateway. Select NAT gateways in the search results.

  7. Select nat-gateway.

  8. Under Settings, select Outbound IP.

  9. The page displays the IP addresses and prefixes associated with the NAT gateway. Next to Public IP prefixes, select Change.

  10. Next to Public IP Prefixes, select the dropdown box. Select the IP address prefix that you created to add the prefix to the NAT gateway. To remove a prefix, unselect it.

  11. Select OK.

  12. Select Save.

Next steps

To learn more about Azure Virtual Network NAT and its capabilities, see the following articles: