Cloud NAT gateways from AWS, Azure, and Google Cloud are designed for scalability and outbound connections, which makes them behave as symmetric NATs (endpoint-dependent mappings) and therefore hard to traverse for peer-to-peer connectivity. Several workarounds exist: assigning public IPs to instances, deploying custom NAT instances with configurable behavior, using cloud-specific features such as GCP's endpoint-independent mapping, or routing through subnet routers. The most effective solution remains giving instances public IPs with proper firewall rules: WireGuard's encryption and authentication provide the needed security while the NAT complexity disappears entirely.

From tailscale.com (7 minute read)

Table of contents:

- Cloud NAT gateways: symmetric by design
- Options for better NAT behavior on clouds
- The private kind of public