This is the kind of video I like the most, that shows how things work behind the scenes. Thank you for the effort to make things clear!

Thank you so much Adam Sir! Videos like these help understand the concepts much easier than reading articles alone. Appreciate all your efforts!

Extremely useful Video Adam. Solved many client worries for us.

This is great thanks! Looking at a S2S option for a client, and this looks like, possibly the less complicated route!

Great video as always Adam.

An excellent explanation. Absolutely brialliantly clear. (Mark G - Microsoft)

Putting on-prem aside, is there a way to leverage NATing with overlapping IP ranges in Azure spokes?

thank you .technically very informative as a network engineer

Great scenario walk-through, explains the dual-NAT process very well. Question I have is would this work for multiple 3rd party sites connecting into the same VPNGW, who have the same overlapping IP address space or would a vendor based NVA solution be more suitable? (Trying to avoid sharing the BGP routing table with all these potential 3rd parties as well) Just trying to develop a pattern which will scale without causing NAT and routing challenges later. Love the material and scenario's you are covering here and in GitHub...keep it up! :)

Very nice, but you are not showing the local network gateway configuration which is kind of confusing on how the onprem info is set. Can you update on that?

Question about the public IPs used -- if BGP is advertising a route for the entire 100.0.0.0/24, does that break traffic from on-prem resources to any other host on the internet on that subnet?

Hi Adam. I'm having a problem when I configure NAT on the Azure VPN gateway from a 10.70.0.0/20 network to a 100.70.0.0/20 network. When I configure this 100.70.0.0/20 network inside the firewall, it doesn't work. The NAT only works if I also enter the 10.70.0.0/20 network into the local firewall (Fortigate). However, since these networks already exist, I can't enter the entire range into the firewall. I only configured an static egress rule in the NAT.

Whic will be the proxy-id/cryptomap to define on third-parti firewall? Any to Any?

Awsome Tutorial

Great video, but I have a question: how do you make sure on-prem resources can resolve Azure VMs with on-prem IPs ? The on-prem DNS is not aware of NAT

Hi Adam i am using vpngw1 sku which doesn't support nat rules not the second method its only for one vm not for entire resources. Route tables not suggested by azure for vpn gateway. Any suggestions from you.

very useful video, thank you! :) one question: what if we didn't have a spoke network, and it was the hub network in overlay?

These Nated IPs do I just use any IP or I would have to created a public IP or a private subnet IP to be used for this. How did you get these Nated IPs

Thanks, I got it working using private services. Now, if I want to reach the the On-prem from the Private Link Service, is that possible?

Thanks Adam

Such awesome work! One query which keeps on hitting my mind. how this mapping happens on backend. Lets say if have couple to backend IPs to be reached. which corresponds NATTED IP to be reached from other side. Can some one please help to understand.