ASDK NAT question

Question

Hi,

I am using the following commands to expose a deployed IaaS VM outside the ASDK environment so the VM can be accessed from my enterprise network:

$externalIP = "10.10.10.10"
$internalIP ="192.168.102.38"
$port = 22


Invoke-Command -argumentlist $externalIP -ComputerName AzS-bgpnat01 -ScriptBlock `
{ 
 $externalIP = $args[0]

 Get-NetNatExternalAddress | where {$_.IPAddress -eq $externalIP } | Remove-NetNatExternalAddress
 
}

Invoke-Command -argumentlist $externalIP, $internalIP, $port -ComputerName AzS-bgpnat01 -ScriptBlock `
{
    $externalIP = $args[0]
    $internalIP = $args[1]
    $port = $args[2]

    Add-NetNatExternalAddress -NatName BGPNAT -IPAddress $externalIP -PortStart $port -PortEnd $port -ErrorAction Stop
    Add-NetNatStaticMapping -NatName BGPNAT -Protocol TCP -ExternalIPAddress $externalIP -ExternalPort $port `
            -InternalIPAddress $internalIP -InternalPort $port
}

I can access the VM on IP 10.10.10.10 so far so good. But when I initiated a connection from the VM towards the enterprise network, the VM (source IP) is translated to the NatIPv4Address as specified during ASDK setup.

Does someone knows a way that traffic initiated from the VM gets the 10.10.10.10 address as translated address so that IPs on the enterprise network do not differ?

Regards,

Theo.

Answer 1

Thank you for posting Theo,

I'm encountering a similar issue with an IaaS VM communicating outside of my ASDK...

Thanks again,

Phil

Answer 2

Hello Theo and Phil,

Unfortunately, the ASDK environments internal private IP spaces are only NATed outbound to provide internet connectivity but there is no inbound NAT. 

  

Keep in mind the Azure Stack ASDK is intended to be development environments that trades the complexity of full network integration for the ability to get developers up and running on a single server with just two externally visible IP addresses.

    

https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-connect-azure-stack

  

If you'd like to see this functionality in a future release of Azure Stack,

leave a suggestion on User Voice in: 

‘How can we Improve Azure Stack’ - http://aka.ms/AzureStack/Feedback

 

We apologize for any inconvenience and appreciate your time and interest in Azure Stack.

If you continue experience any issues with the ASDK release, feel free to contact us.

    

---

Gary Gallanes

Answer 3

Hi Gary,

Thanks for explaining. I like the default ASDK setup that do not need extended network knowledge to get it up and running. That should stay as it is.

At the other hand, more advanced network setups where connectivity outside the ASDK environment i needed. Some use cases:

• In our case we are running a Azure Stack proof-of-concept that includes connectivity to other systems and the internet
• Development use case were you are developing / testing your application and the application need existing test systems that are outside the ASDF environment. Think of: enterprise message busses, datawarehouses / databases, integration with cloud services, etc

I will post this to the user voice.

Regards,

Theo.

Answer 4

I am in the same situation as Theo, 2-way communication is needed between IaaS VM and external system(s).

I'll add to user voice...