1. Home
  2. Training Library
  3. Google Cloud Platform
  4. Courses
  5. Implementing a GCP Virtual Private Cloud (VPC)

Configuring NAT Part 2

Start course
Duration1h 15m


Please note: this course has been replaced with an updated version which can be found here.


This course guides you through the key steps to configure a Google Cloud Platform virtual private cloud (VPC), which allows you to connect your GCP services with one another securely.

After a brief introduction, the course begins with how to set up and configure VPCs, including VPC peering and shared VPC. You'll learn how to configure routes, set up cloud NAT (network address translation), and configure VPC-native clusters in Kubernetes, before rounding off the course by looking at VPC firewalls. The topics in this course are accompanied by demonstrations on the platform in order to show you how these concepts apply to real-world scenarios.

If you have any feedback, questions, or queries relating to this course, please feel free to contact us at support@cloudacademy.com.

Learning Objectives

  • Configure Google Cloud Platform VPC resources
  • Configure VPC peering and API access
  • Create shared VPCs
  • Configure internal static and dynamic routing, as well as NAT
  • Configure and maintain Google Kubernetes Engine clusters
  • Configure and maintain VPC firewalls

Intended Audience

This course is intended for:

  • Individuals who want to learn more about Google Cloud networking, who may also have a background in cloud networking with other public cloud providers
  • Individuals who simply want to widen their knowledge of cloud technology in general


To get the most from this course, you should already have experience in public cloud and networking as well as an understanding of GCP architecture.


So what we're gonna do is we're gonna go back to the Compute Engine instances here. And we have a VM already created called vm-nat. And as you could see on the external IP side, it says none. It doesn't have an external IP assigned to it.

So we're gonna go ahead and SSH into that. And while that's loading up, transferring over the keys, what we're gonna do is we're going to basically identify what type of IP address we have assigned to this. And there's a few ways you can do this. I'm just going to choose the easy way. And we're gonna curl ident.me. And you're gonna see this is the external IP address this instance is gonna use,

What that means is when we go back to the NAT'd IP is the same IP address we see here. It's the third IP address, And what's cool about it is that it can use any one of these addresses. It really kind of simplifies things from a security perspective. And then if you don't need any of these addresses in the future you can always release them or change them, but for the purpose of this video, we're also going to set up one more VM instance and then we're also going to do with it already having an external IP address, so you can see what happens.

Okay, so what we're gonna do, we're gonna go ahead and create a new instance. And we're gonna call this one vm-ip. We'll leave it in central1. We'll do a micro-instance here. We'll allow traffic. We're gonna go under networking. Hit the pencil here. And we're just going to leave it at the default network, the default subnetwork, the primary internal IP. And as you can see down here, when it gets to External IP, this is where you would change it if you want to use a NAT, but we're gonna leave it at Ephemeral, meaning it's gonna be chosen for us. Then we're gonna go and hit Create.

Okay, now that that's created, what we're gonna do is we're gonna go back over to the NAT creation and we're gonna create a new gateway, because the old gateway was set up under a different VPC. We're gonna use central1.

We're just gonna create a new router, gonna call this router-2. As you could see, it automatically chose the network and the region it's in. It has to be in the same region. So we're gonna go and hit Create.

And then at the bottom here, here's the options to choose for your primary and secondary ranges, if you want to use NAT for external, excuse me, as you're setting up NAT mapping, you can choose whether or not it's gonna be assigned to individual IP addresses or primary ranges for all subnets, or just everything. So it gives you a lot of options here. As you can see at the bottom, the destination's gonna be external. So we're gonna go and hit Create there.

Okay, now it's created. You can see it's running. I'm gonna go in and click on it. Once again, Auto-allocate. So let's go back and look at our, let's see what IP addresses that were assigned to it, the external. As you can see here, we just have one assigned to it right now, for router-2, and then .120.

We also have our vm-ip that we created for this with an external IP, as you can see it here, it's So we're gonna SSH into that. Once we SSH in, we're gonna go ahead and do another ident.me command on this to see which IP address we get.

Okay, we've SSH'd in, so we're gonna curl ident.me. As you could see, we actually are gonna get the external IP address that was assigned to this VM when we created it. The reason is if you already assigned an external IP to a VM, or Kubernetes cluster instance, what's gonna happen is you're gonna end up using net IP and not the NAT'd ones. So to use the NAT'd IP, you'd have to end up removing this one.

So hopefully that helps. Thanks for watching. Let's get on to the next section.

About the Author

Mark has many years of experience working with Google Cloud Platform and also holds eight GCP certifications.