Set up and manage network address translation with Public NAT

This page shows you how to configure and manage network address translation (NAT) by using Public NAT. Before setting up Public NAT, see the Public NAT overview.

Limitations

If you change the network tier of the automatically allocated IP addresses for a Cloud NAT gateway, all connections on the old IP addresses immediately close.
If you use manual NAT IP address allocation, and you change the IP addresses that are used for Cloud NAT, all connections on the old IP addresses immediately close. To avoid this, see Drain external IP addresses associated with NAT.
If you configure a Cloud NAT gateway with static port allocation, and you reduce the minimum ports per VM, established NAT connections might be broken. For more information, see Reducing ports per VM.
If you configure a Cloud NAT gateway with dynamic port allocation, and you make any further configuration changes, established NAT connections might be broken. When the configuration change, the number of ports currently allocated to each VM might be temporarily reset to the minimum number configured. For more information, see Reducing ports per VM.
If you configure a Cloud NAT gateway with dynamic port allocation and then turn off dynamic port allocation, all VM connections that use the NAT gateway are closed. For more information, see Switch port allocation method.
If Endpoint-Independent Mapping is turned on, you can't configure dynamic port allocation or NAT rules.
Cloud NAT doesn't support IP fragments.
A Cloud NAT configuration is tied to a Virtual Private Cloud (VPC) network. So, the configuration applies to all the resources that belong to the subnets of that network. You can't choose specific VMs to be served by a Cloud NAT gateway.

Before you begin

Complete the following tasks before setting up Public NAT.

Get IAM permissions

The Compute Network Admin role (roles/compute.networkAdmin) includes the permissions that you need to configure Public NAT.

Set up Google Cloud

Before you get started, set up the following items in Google Cloud.

Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

Go to project selector

Make sure that billing is enabled for your Google Cloud project.

Install the Google Cloud CLI.

To initialize the gcloud CLI, run the following command:

gcloud init

In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

Go to project selector

Make sure that billing is enabled for your Google Cloud project.

Install the Google Cloud CLI.

To initialize the gcloud CLI, run the following command:

gcloud init

The Google Cloud CLI instructions on this page assume that you have set your project ID before issuing commands.

You can set a project ID with the following command:
```
gcloud config set project PROJECT_ID
```
You can also view a project ID that is already set:
```
gcloud config list --format='text(core.project)'
```

Configure Public NAT

You configure Public NAT by creating a Cloud NAT gateway in the source VPC network. Each gateway is associated with a single VPC network, region, and Cloud Router. When creating a Cloud NAT gateway, you can configure the following settings.

Setting	Supported options	Description
Source endpoint type	VM instances, GKE nodes, Serverless Managed proxy load balancers	By default, Public NAT provides NAT services to VM instances, Google Kubernetes Engine (GKE) nodes, and serverless traffic. To create a Cloud NAT gateway for these resources, complete the steps in the following section. To create a Cloud NAT gateway for a regional internet network endpoint group (NEG), see "Set up a Cloud NAT gateway" for the following: regional external Application Load Balancer regional internal Application Load Balancer regional external proxy Network Load Balancer regional internal proxy Network Load Balancer For a full list of Google Cloud resources that Cloud NAT supports, see Cloud NAT overview.
Source subnets	Primary and secondary ranges for all subnets Primary ranges for all subnets Custom	By default, Public NAT is enabled for all primary and secondary IP ranges for all subnets in the region for the VPC network that you specify. You can restrict which primary and secondary subnet ranges can use NAT.
IP address allocation	Automatic (recommended) Manual	By default, Public NAT uses automatic NAT IP address allocation. This configuration automatically allocates the necessary external IP addresses to provide NAT services to a region. VM instances without external IP addresses in any subnet of the region are provided internet access through NAT. When you use automatic NAT IP address allocation, Google Cloud reserves IP addresses in your project. These addresses count against your static IP address quotas in the project. You can manually allocate NAT IP addresses for a Cloud NAT gateway. If you choose manual allocation, make sure to allocate enough IP addresses to avoid dropped packets. For more information, see Public NAT IP addresses.
Network tier	Premium Standard	Public NAT lets you specify the Network Service Tiers from which the Cloud NAT gateway allocates external IP addresses. By default, the network tier is set to the current project-level tier. When creating a Cloud NAT gateway with automatic NAT IP address allocation, you can assign NAT IP addresses from either Premium Tier or Standard Tier. When creating a Cloud NAT gateway with manual NAT IP address allocation, you can choose to manually assign NAT IP addresses from either Premium Tier or Standard Tier or both, subject to certain conditions.
Advanced configurations	Dynamic port allocation Endpoint-Independent Mapping Logging NAT timeouts	By default, Public NAT uses static port allocation, which means that each VM is allocated the same number of ports. You can configure dynamic port allocation with either automatic or manual NAT IP address allocation. Using dynamic port allocation lets the Cloud NAT gateway allocate different numbers of ports to each VM based on usage. You can't enable Endpoint-Independent Mapping if your Cloud NAT gateway uses NAT rules or dynamic port allocation. Logging is disabled by default. For information about NAT timeouts and their default values, see NAT timeouts.

Create a Cloud NAT gateway

Console

In the Google Cloud console, go to the Cloud NAT page.

Go to Cloud NAT
Click Get started or Create Cloud NAT gateway.
Note: If this is the first Cloud NAT gateway that you're creating, click Get started. If you already have existing gateways, then instead of Get started, Google Cloud displays the Create Cloud NAT gateway button. To create another gateway, click Create Cloud NAT gateway.
In the Gateway name field, enter a name for the gateway.
For NAT type, select Public.
In the Select Cloud Router section, configure the following:
1. In the Network field, select the VPC network in which you want to create the gateway.
2. In the Region field, set the region for the gateway.
3. In the Cloud Router field, select or create a Cloud Router in the region.
In the Cloud NAT mapping section, for Source endpoint type, make sure the VM instances, GKE nodes, Serverless option is selected.
Configure Source subnets by selecting one of the following:
- To use Cloud NAT for all primary and secondary IP ranges for all subnets in the region, select Primary and secondary IP ranges for all subnets.
- To use Cloud NAT only for primary IP ranges, select Primary IP ranges for all subnets.
- To restrict which subnet IP ranges can use Cloud NAT, select Custom and do the following:
  1. In the Subnets section, select a subnet.
  2. In the IP ranges drop-down list, select the subnet IP ranges to include and click OK.
  3. If you want to specify additional ranges, click Add subnet and IP range and add another subnet.
Configure the NAT IP address allocation type and network tier by selecting one of the following:
- To use automatic NAT IP address allocation, do the following:
  1. In the Cloud NAT IP addresses list, select Automatic (recommended).
  2. For Network service tier, choose either Premium or Standard.
- To use manual NAT IP address allocation, do the following:
  1. In the Cloud NAT IP addresses list, select Manual.
  2. For Network service tier, choose either Premium or Standard.
  3. Select or create a static reserved external IP address to use for NAT.
    
    Note: You can only select or create IP addresses based on the tier that you have selected in the previous step.
  4. If you want to specify additional IP addresses, click Add IP address and then select or create an additional static reserved external IP address.
  5. If you want to create custom NAT rules, configure the Cloud NAT rules section. For instructions, see Create NAT rules.
Optional: Adjust any of the following settings in the Advanced configurations section:
- Whether to configure logging. By default, No logging is selected.
- Whether to change how Cloud NAT allocates ports. By default, Enable Dynamic Port Allocation is deselected. To configure dynamic port allocation, select Enable Dynamic Port Allocation and select a value for the Minimum ports per VM instance field (default is 32) and the Maximum ports per VM instance field (default is 65536).
- Whether to update NAT timeouts for protocol connections. For information about these timeouts and their default values, see NAT timeouts.
Click Create.

gcloud

To create a Cloud NAT gateway, use the gcloud compute routers nats create command.

Create a Cloud Router in the region in which you want to use the Cloud NAT gateway. You need this Cloud Router to create your Cloud NAT gateway.
Create the Cloud NAT gateway by doing one of the following. When using either of these options, replace NAT_CONFIG with a name for your NAT configuration, NAT_ROUTER with the name of the Cloud Router that you created in the previous step, and REGION with the region in which you want to use the Cloud NAT gateway.
- To create a Cloud NAT gateway with all of its configuration parameters set to their default values, run the following command:
```
gcloud compute routers nats create NAT_CONFIG \
    --router=NAT_ROUTER \
    --region=REGION \
    --auto-allocate-nat-external-ips \
    --nat-all-subnet-ip-ranges
```
  This configuration enables NAT for all primary and secondary IP ranges for all subnets in the region and automatically allocates the necessary external IP addresses to provide NAT services to the region.
- When creating a Cloud NAT gateway, you can customize your gateway configuration by specifying each parameter that you want to customize. For a full list of flags that you can use, see the gcloud compute routers nats create command. For example:
  - To create a Cloud NAT gateway that restricts which subnet ranges can use NAT, run the following command:
```
gcloud compute routers nats create NAT_CONFIG \
    --router=NAT_ROUTER \
    --region=REGION \
    --auto-allocate-nat-external-ips \
    --nat-custom-subnet-ip-ranges=SUBNETS_RANGES_LIST
```
    Replace SUBNETS_RANGES_LIST with a comma-separated list of subnet names. For example:
    - SUBNET_NAME_1:ALL,SUBNET_NAME_2:ALL: includes both the primary and secondary subnet ranges of SUBNET_NAME_1 and SUBNET_NAME_2.
    - SUBNET_NAME_1,SUBNET_NAME_2: includes only the primary subnet range of SUBNET_NAME_1 and SUBNET_NAME_2.
    - SUBNET_NAME:SECONDARY_RANGE_NAME: includes the secondary range SECONDARY_RANGE_NAME of subnet SUBNET_NAME. It doesn't include the primary range of SUBNET_NAME.
    - SUBNET_NAME_1,SUBNET_NAME_2:SECONDARY_RANGE_NAME: includes the primary range of SUBNET_NAME_1 and the specified secondary range SECONDARY_RANGE_NAME of subnet SUBNET_NAME_2.
  - To create a Cloud NAT gateway with manual NAT IP address allocation, run the following command:
```
gcloud compute routers nats create NAT_CONFIG \
    --router=NAT_ROUTER \
    --region=REGION \
    --nat-all-subnet-ip-ranges \
    --nat-external-ip-pool=IP_ADDRESS_1,IP_ADDRESS_2
```
    Replace IP_ADDRESS_1 and IP_ADDRESS_2 with the static reserved external IP addresses that you want to use for NAT. You can specify one or more external IP addresses when using the --nat-external-ip-pool flag.
  - To specify the network tier from which the Cloud NAT gateway allocates external IP addresses, run the following command:
```
gcloud compute routers nats create NAT_CONFIG \
    --router=NAT_ROUTER \
    --region=REGION \
    --nat-all-subnet-ip-ranges \
    --auto-allocate-nat-external-ips \
    --auto-network-tier=AUTO_NETWORK_TIER
```
    Replace AUTO_NETWORK_TIER with the network tier to use when automatically allocating IP addresses for the Cloud NAT gateway. The allowed values are PREMIUM and STANDARD. If not specified, then the current project-level default tier is associated with the Cloud NAT gateway.
    
    You can also specify the network tier with manual NAT IP addresses allocation. If you assign multiple IP addresses to the gateway, all the IP addresses that you assign must be from the same network tier.
  - To create a Cloud NAT gateway with dynamic port allocation, run the following command:
```
gcloud compute routers nats create NAT_CONFIG \
    --router=NAT_ROUTER \
    --region=REGION \
    --auto-allocate-nat-external-ips \
    --nat-all-subnet-ip-ranges \
    --enable-dynamic-port-allocation \
    [ --min-ports-per-vm=MIN_PORTS ] \
    [ --max-ports-per-vm=MAX_PORTS ]
```
    Replace the following optional flags:
    - MIN_PORTS: the minimum number of ports to allocate for each VM. If dynamic port allocation is turned on, MIN_PORTS must be a power of 2 and can be between 32 and 32768. The default is 32.
    - MAX_PORTS: the maximum number of ports to allocate for each VM. MAX_PORTS must be a power of 2, and can be between 64 and 65536. MAX_PORTS must be greater than MIN_PORTS. The default is 65536.

Terraform

You can use a Terraform module to create a Cloud Router with a NAT gateway.

module "cloud_router" {
  source  = "terraform-google-modules/cloud-router/google"
  version = "~> 6.0"
  name    = "my-cloud-router"
  project = var.project_id
  network = module.vpc.network_name
  region  = "us-central1"

  nats = [{
    name                               = "my-nat-gateway"
    source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS"
    subnetworks = [
      {
        name                     = module.vpc.subnets["us-central1/test-subnet-01"].id
        source_ip_ranges_to_nat  = ["PRIMARY_IP_RANGE", "LIST_OF_SECONDARY_IP_RANGES"]
        secondary_ip_range_names = module.vpc.subnets["us-central1/test-subnet-01"].secondary_ip_range[*].range_name
      }
    ]
  }]
}

The resulting NAT gateway uses the following default values:

enable_endpoint_independent_mapping = true
icmp_idle_timeout_sec               = 30
min_ports_per_vm                    = 0
nat_ip_allocate_option              = "AUTO_ONLY"
source_subnetwork_ip_ranges_to_nat  = "ALL_SUBNETWORKS_ALL_IP_RANGES"
tcp_established_idle_timeout_sec    = 1200
tcp_transitory_idle_timeout_sec     = 30
udp_idle_timeout_sec                = 30
log_config {
    enable = true
    filter = "ALL"
}

View Public NAT configuration

Console

In the Google Cloud console, go to the Cloud NAT page.

Go to Cloud NAT
To view NAT gateway details, mapping information, or configuration details, click the name of your NAT gateway.
To view NAT status, see the Status column for your NAT gateway.

gcloud

You can view the NAT configuration details by running the following commands:

View the Public NAT gateway configuration.
```
gcloud compute routers nats describe NAT_CONFIG \
    --router=ROUTER_NAME \
    --region=REGION
```
Replace the following:
- NAT_CONFIG: the name of your NAT configuration.
- ROUTER_NAME: the name of your Cloud Router.
- REGION: the region of the NAT to describe. If not specified, you might be prompted to select a region (interactive mode only).

View the mapping of the IP:port-ranges allocated to each VM's interface.

gcloud compute routers get-nat-mapping-info ROUTER_NAME \
    --region=REGION

View the status of the Public NAT gateway.

gcloud compute routers get-status ROUTER_NAME \
    --region=REGION

View external IP addresses assigned to a Cloud NAT gateway

To view NAT IP addresses that were automatically added, see the list of static external IP addresses. These addresses don't count toward per-project quotas.

Console

In the Google Cloud console, go to the IP addresses page and then click External IP addresses.

Go to IP addresses

gcloud

To list all allocated NAT IP addresses, use the following command:
```
gcloud compute routers get-nat-ip-info NAT_ROUTER \
  --region=REGION
```
For more examples, see gcloud compute routers get-nat-ip-info.

Update the Public NAT configuration

After you set up your Cloud NAT gateway, you can update the gateway configuration based on your requirements. The following sections list the tasks that you can perform to update your Cloud NAT gateway.

Update subnets and IP address resources associated with NAT

Console

In the Google Cloud console, go to the Cloud NAT page.

Go to Cloud NAT
Click your Cloud NAT gateway.
Click Edit.
Under NAT mapping, set Source to Custom.
Select a subnet.
In the IP ranges drop-down list, select the subnet IP ranges to include.
If you want to specify additional ranges, click Add subnet and IP range.
Click the NAT IP addresses drop-down list, and then select Automatic or Manual.
If you select Manual, specify an external IP address.
For high availability with manual IP addresses, click Add IP address, and then add a second address.
Click Save.

gcloud

gcloud compute routers nats update NAT_CONFIG \
    --router=NAT_ROUTER \
    --region=REGION \
    --nat-external-ip-pool=IP_ADDRESS2,IP_ADDRESS3 \
    --nat-custom-subnet-ip-ranges=SUBNETS_RANGES_LIST

Replace the following:

NAT_CONFIG: the name of your NAT configuration.
NAT_ROUTER: the name of your Cloud Router.
REGION: the region of the NAT to update. If not specified, you might be prompted to select a region (interactive mode only).
IP_ADDRESS2: a manual external IP address
IP_ADDRESS3: another manual external IP address
SUBNETS_RANGES_LIST: a comma-separated list of subnet names. For example:
- SUBNET_NAME_1:ALL,SUBNET_NAME_2:ALL: includes both the primary and secondary subnet ranges of SUBNET_NAME_1 and SUBNET_NAME_2.
- SUBNET_NAME_1,SUBNET_NAME_2: includes only the primary subnet range of SUBNET_NAME_1 and SUBNET_NAME_2.
- SUBNET_NAME:SECONDARY_RANGE_NAME: includes the secondary range SECONDARY_RANGE_NAME of subnet SUBNET_NAME. This list of subnet names doesn't include the primary range of SUBNET_NAME.
- SUBNET_NAME_1,SUBNET_NAME_2:SECONDARY_RANGE_NAME: includes the primary range of SUBNET_NAME_1 and the specified secondary range SECONDARY_RANGE_NAME of subnet SUBNET_NAME_2.

Delete subnets associated with NAT

You can remove specific subnets from the Cloud NAT gateway that are no longer in use.

Console

In the Google Cloud console, go to the Cloud NAT page.

Go to Cloud NAT
Click your Cloud NAT gateway.
Click Edit.
Delete the subnet that you want to remove from NAT mapping.

Note: If the subnet that you deleted is the only subnet that is mapped to the Public NAT gateway, then the system prompts you to add a subnet. You can map a new subnet or select Primary and secondary ranges for all subnets in the Source list.
Click Save.

Update external IP addresses associated with NAT

You can change the list of external IP addresses for a given gateway or switch from manual to automatic IP allocation. When you do, Google Cloud removes the old addresses and adds the new ones. Any existing connections on the old IP addresses immediately close. To let existing connections continue while preventing new connections on those IP addresses, see Drain external IP addresses associated with NAT.

Console

In the Google Cloud console, go to the Cloud NAT page.

Go to Cloud NAT
Click your Cloud NAT gateway.
Click Edit.
Click the NAT IP addresses drop-down list, and then select Automatic or Manual.
If you select Manual, specify an external IP address.
For high availability, click Add IP address, and then add a second address.
Click Save.

gcloud

gcloud compute routers nats update NAT_CONFIG \
    --router=NAT_ROUTER \
    --region=REGION \
    --nat-external-ip-pool=IP_ADDRESS2,IP_ADDRESS3

Replace the following:

NAT_CONFIG: the name of your NAT configuration.
NAT_ROUTER: the name of your Cloud Router.
REGION: the region of the NAT to update. If not specified, you might be prompted to select a region (interactive mode only).
IP_ADDRESS2: a manual external IP address.
IP_ADDRESS3: another manual external IP address.

Update NAT by using external IP addresses from a different network tier

You can update an existing Cloud NAT gateway by changing the network tier of the external IP addresses associated with the gateway.

Update NAT by changing the network tier of automatically allocated external IP addresses

When you change the network tier of automatically allocated external IP addresses associated with an existing Cloud NAT gateway, Google Cloud removes the previously allocated IP addresses and replaces them with IP addresses from the specified network tier. Any existing connections on the previously allocated IP addresses immediately close.

Console

In the Google Cloud console, go to the Cloud NAT page.

Go to Cloud NAT
Click your Cloud NAT gateway name that has automatically allocated IP addresses.
Click Edit.
For Network service tier, choose either Premium or Standard.
Click Save.

gcloud

Use the gcloud CLI to run the compute routers nats update command with the flag --auto-network-tier.

gcloud compute routers nats update NAT_CONFIG \
    --router=NAT_ROUTER \
    --region=REGION \
    --auto-allocate-nat-external-ips
    --auto-network-tier=AUTO_NETWORK_TIER

Replace the following:

NAT_CONFIG: the name of your NAT configuration.
NAT_ROUTER: the name of your Cloud Router.
REGION: the region of the NAT to create. If not specified, you might be prompted to select a region (interactive mode only).
AUTO_NETWORK_TIER: the network tier to use when automatically allocating IP addresses for the Cloud NAT gateway. The allowed values are PREMIUM and STANDARD. If not specified, then the current project-level default tier is associated with the Cloud NAT gateway.

Update NAT by changing the network tier of manually assigned IP addresses

You can update an existing NAT by manually specifying external IP addresses from a different tier. You can assign external IP addresses from either Standard Tier or Premium Tier or both, subject to certain conditions. Before you specify external IP addresses from a different tier, first drain the existing IP addresses to let existing connections continue and prevent new connections on the existing IP addresses.

Console

In the Google Cloud console, go to the Cloud NAT page.

Go to Cloud NAT
Click your Cloud NAT gateway name that has manually assigned IP addresses.
Click Edit.
To specify IP addresses from a tier that is different from the currently selected tier, either delete all the existing IP addresses or enable draining for all the existing IP addresses.

You can't change the network tier if draining is disabled for an existing IP address.
For Network service tier, choose either Premium or Standard.
Select an external IP address from the list of active, available IP addresses.

Note: Draining is always disabled for a newly selected IP address.
Optional: To add more IP addresses, click Add IP addresses.
Click Save.

gcloud

To update an existing gateway by manually changing the existing external IP addresses with new ones from a different network tier, use the --nat-external-ip-pool field of the compute routers nats update command.

For more information about manually changing the existing external IP addresses, see Change external IP addresses associated with NAT.

Drain external IP addresses associated with NAT

Before you remove a manually configured IP address, you can drain it so that existing connections aren't disrupted. When an IP address is drained, all existing connections are allowed to continue until they expire naturally. You can view the logs to check the status of existing connections.

No new connections are accepted on the drained IP addresses. However, the IP address stays associated with the NAT configuration.

You must have at least one active address in a NAT configuration, which means that you can't drain all IP addresses in a configuration.

To see the state of your NAT IP addresses, you can Show NAT status.

Console

In the Google Cloud console, go to the Cloud NAT page.

Go to Cloud NAT
Click your Cloud NAT gateway.
Click Edit.
For NAT IP addresses, set the IP draining value next to the IP address to On.
Click Save.

gcloud

To drain an address, you must move it from the active pool to the drain pool in the same command. If you remove it from the active pool without adding it to the drain pool in a single command, the IP address is deleted from service and existing connections are terminated immediately.

If you move an IP address from the drain pool to the active pool, you undrain the IP address. If you remove a NAT IP address from both pools, you disconnect it from the NAT configuration.

This command leaves the other fields in the NAT configuration unchanged.

gcloud compute routers nats update NAT_CONFIG \
    --router=NAT_ROUTER \
    --region=REGION \
    --nat-external-ip-pool=IP_ADDRESS3 \
    --nat-external-drain-ip-pool=IP_ADDRESS2

Where:

--nat-external-ip-pool=IP_ADDRESS3: updates the active pool to omit IP_ADDRESS2
--nat-external-drain-ip-pool=IP_ADDRESS2: adds IP_ADDRESS2 to the drain pool

Replace the following:

NAT_CONFIG: the name of your NAT configuration.
NAT_ROUTER: the name of your Cloud Router.
REGION: the region of the NAT to update. If not specified, you might be prompted to select a region (interactive mode only).
IP_ADDRESS3: an IP address.
IP_ADDRESS2: another IP address.

Update endpoint mapping

You can enable or disable Endpoint-Independent Mapping for your gateway. By default, this option is disabled. Switching Endpoint-Independent Mapping from enabled to disabled (or from disabled to enabled) doesn't interrupt existing connections.

You can't enable Endpoint-Independent Mapping if your Cloud NAT gateway uses NAT rules or dynamic port allocation.

Console

In the Google Cloud console, go to the Cloud NAT page.

Go to Cloud NAT
Click your Cloud NAT gateway.
Click Edit.
Click Advanced configurations.
To enable Endpoint-Independent Mapping, select the Enable Endpoint-Independent Mapping checkbox. To disable Endpoint-Independent Mapping, clear the checkbox.
Click Save.

gcloud

gcloud compute routers nats update NAT_CONFIG \
    --router=NAT_ROUTER \
    --region=REGION \
    [--enable-endpoint-independent-mapping | --no-enable-endpoint-independent-mapping]

Replace the following:

NAT_CONFIG: the name of your NAT configuration.
NAT_ROUTER: the name of your Cloud Router.
REGION: the region of the NAT to update. If not specified, you might be prompted to select a region (interactive mode only).

Update logging

To add, modify, or remove logging for an existing Cloud NAT gateway, see Configuring logging.

Delete Public NAT configuration

Deleting a gateway configuration removes the NAT configuration from a Cloud Router. It does not delete the router itself.

Console

In the Google Cloud console, go to the Cloud NAT page.

Go to Cloud NAT
Select the checkbox next to the gateway configuration that you want to delete.
On the Menu, click Delete.

gcloud

gcloud compute routers nats delete NAT_CONFIG \
    --router=ROUTER_NAME \
    --region=REGION

Replace the following:

NAT_CONFIG: the name of your NAT configuration.
ROUTER_NAME: the name of your Cloud Router.
REGION: the region of the NAT to delete. If not specified, you might be prompted to select a region (interactive mode only).

Quotas and limits

For quota and limit information, see the quotas page.

Example setups

These examples show you how to test Cloud NAT with Google Cloud:

What's next

Configure logging and monitoring for Cloud NAT.
Troubleshoot common issues with NAT configurations.