Got the same use case (secure outbound ExpressRoute to untrusted Third Parties) however they want to see routes advertised for a specific range and the SNAT to a private IP in that range. Is there another option for this, can other components do the SNAT part...? Private link for outbound, or using a site-to-site VPN somewhere in here (instead of the peering to the third party hub vnet?). Doing it like you have would require an Azure Firewall per third-party peer for us if each wants SNAT to different ranges... so gets expensive fast... it's 900 USD per month :O Thanks so so much
![Megan Thee Stallion - Roc Steady (feat. Flo Milli) [Official Video]](http://i.ytimg.com/vi/HozPPyqW0dY/mqdefault.jpg)
Thank you Adam. Very usefull video to learn from.
Thanks dude. Your Azure network content is great.
Got the same use case (secure outbound ExpressRoute to untrusted Third Parties) however they want to see routes advertised for a specific range and the SNAT to a private IP in that range.
Is there another option for this, can other components do the SNAT part...?
Private link for outbound, or using a site-to-site VPN somewhere in here (instead of the peering to the third party hub vnet?).
Doing it like you have would require an Azure Firewall per third-party peer for us if each wants SNAT to different ranges... so gets expensive fast... it's 900 USD per month :O
Thanks so so much
You are probably best off with IPsec to 3rd party and using NAT feature of VPN-GW. See my video on overlapping IP in Azure.Cheers