Merge pull request #266342 from asudbring/nat-freshness

Stacyrch140 · web-flow · commit 9525c514706a · 2024-02-14T19:41:21.000-05:00
Freshness review of NAT gateway troubleshoot article
diff --git a/articles/nat-gateway/troubleshoot-nat.md b/articles/nat-gateway/troubleshoot-nat.md
@@ -1,12 +1,12 @@
 ---
 title: Troubleshoot Azure NAT Gateway
-titleSuffix: Azure Virtual Network
-description: Troubleshoot issues with NAT Gateway.
+titleSuffix: Azure NAT Gateway
+description: Get started using this article to learn how to troubleshoot issues and errors with Azure NAT Gateway.
 services: virtual-network
 author: asudbring
 ms.service: nat-gateway
 ms.topic: troubleshooting
-ms.date: 08/29/2022
+ms.date: 02/14/2024
 ms.author: allensu
 ---
 
@@ -30,26 +30,27 @@ Check the following configurations to ensure that NAT gateway can be used to dir
 
 1. At least one public IP address or one public IP prefix is attached to NAT gateway. At least one public IP address must be associated with the NAT gateway for it to provide outbound connectivity. 
 
-2. At least one subnet is attached to a NAT gateway. You can attach multiple subnets to a NAT gateway for going outbound, but those subnets must exist within the same virtual network. NAT gateway can't span beyond a single virtual network. 
+1. At least one subnet is attached to a NAT gateway. You can attach multiple subnets to a NAT gateway for going outbound, but those subnets must exist within the same virtual network. NAT gateway can't span beyond a single virtual network. 
 
-3. No [NSG rules](../virtual-network/network-security-groups-overview.md#outbound) or UDRs are blocking NAT gateway from directing traffic outbound to the internet.
+1. No [Network Security Group (NSG) rules](../virtual-network/network-security-groups-overview.md#outbound) or User Defined Routes (UDR) are blocking NAT gateway from directing traffic outbound to the internet.
 
 ### How to validate connectivity
 
-[NAT gateway](./nat-overview.md#azure-nat-gateway-basics) supports IPv4 UDP and TCP protocols. ICMP isn't supported and is expected to fail. 
+[NAT gateway](./nat-overview.md#azure-nat-gateway-basics) supports IPv4 User Datagram Protocol (UDP) and Transmission Control Protocol (TCP) protocols. Ping isn't supported and is expected to fail. 
 
 To validate end-to-end connectivity of NAT gateway, follow these steps: 
+
 1. Validate that your [NAT gateway public IP address is being used](./quickstart-create-nat-gateway-portal.md#test-nat-gateway).
 
-2. Conduct TCP connection tests and UDP-specific application layer tests.
+1. Conduct TCP connection tests and UDP-specific application layer tests.
 
-3. Look at NSG flow logs to analyze outbound traffic flows from NAT gateway.
+1. Look at NSG flow logs to analyze outbound traffic flows from NAT gateway.
 
-Refer to the table below for which tools to use to validate NAT gateway connectivity.
+Refer to the following table for tools to use to validate NAT gateway connectivity.
 
 | Operating system | Generic TCP connection test | TCP application layer test | UDP |
 |---|---|---|---|
-| Linux | nc (generic connection test) | curl (TCP application layer test) | application specific |
+| Linux | `nc` (generic connection test) | `curl` (TCP application layer test) | application specific |
 | Windows | [PsPing](/sysinternals/downloads/psping) | PowerShell [Invoke-WebRequest](/powershell/module/microsoft.powershell.utility/invoke-webrequest) | application specific |
 
 ### How to analyze outbound connectivity
@@ -64,17 +65,17 @@ To analyze outbound traffic from NAT gateway, use NSG flow logs. NSG flow logs p
 
 ## NAT gateway in a failed state
 
-You may experience outbound connectivity failure if your NAT gateway resource is in a failed state. To get your NAT gateway out of a failed state, follow these instructions:
+You can experience outbound connectivity failure if your NAT gateway resource is in a failed state. To get your NAT gateway out of a failed state, follow these instructions:
 
-1. Once you identify the resource that is in a failed state, go to [Azure Resource Explorer](https://resources.azure.com/) and identify the resource in this state. 
+1. Identify the resource that is in a failed state. Go to [Azure Resource Explorer](https://resources.azure.com/) and identify the resource in this state. 
 
-2. Update the toggle on the right-hand top corner to Read/Write. 
+1. Update the toggle on the right-hand top corner to Read/Write. 
 
-3. Select on Edit for the resource in failed state. 
+1. Select on Edit for the resource in failed state. 
 
-4. Select on PUT followed by GET to ensure the provisioning state was updated to Succeeded. 
+1. Select on PUT followed by GET to ensure the provisioning state was updated to Succeeded. 
 
-5. You can then proceed with other actions as the resource is out of failed state. 
+1. You can then proceed with other actions as the resource is out of failed state. 
 
 ## Add or remove NAT gateway 
 
@@ -88,65 +89,65 @@ NAT gateway must be detached from all subnets within a virtual network before th
 
 A subnet within a virtual network can't have more than one NAT gateway attached to it for connecting outbound to the internet. An individual NAT gateway resource can be associated to multiple subnets within the same virtual network. NAT gateway can't span beyond a single virtual network. 
 
-### Basic SKU resources can't exist in the same subnet as NAT gateway
+### Basic resources can't exist in the same subnet as NAT gateway
 
 NAT gateway isn't compatible with basic resources, such as Basic Load Balancer or Basic Public IP. Basic resources must be placed on a subnet not associated with a NAT Gateway. Basic Load Balancer and Basic Public IP can be upgraded to standard to work with NAT gateway. 
 
 * To upgrade a basic load balancer to standard, see [upgrade from basic public to standard public load balancer](../load-balancer/upgrade-basic-standard.md).
 
 * To upgrade a basic public IP to standard, see [upgrade from basic public to standard public IP](../virtual-network/ip-services/public-ip-upgrade-portal.md).
 
-* To upgrade a basic public IP with an attached VM to standard, see [upgrade a basic public IP with an attached VM](/azure/virtual-network/ip-services/public-ip-upgrade-vm).
+* To upgrade a basic public IP with an attached virtual machine to standard, see [upgrade a basic public IP with an attached virtual machine](/azure/virtual-network/ip-services/public-ip-upgrade-virtual machine).
 
 ### NAT gateway can't be attached to a gateway subnet
 
 NAT gateway can't be deployed in a gateway subnet. A gateway subnet is used by a VPN gateway for sending encrypted traffic between an Azure virtual network and on-premises location. See [VPN gateway overview](../vpn-gateway/vpn-gateway-about-vpngateways.md) to learn more about how gateway subnets are used by VPN gateway.
 
-### Can't attach NAT gateway to a subnet that contains a virtual machine NIC in a failed state
+### Can't attach NAT gateway to a subnet that contains a virtual machine network interface in a failed state
 
-When associating a NAT gateway to a subnet that contains a virtual machine network interface (NIC) in a failed state, you receive an error message indicating that this action can't be performed. You must first resolve the VM NIC failed state before you can attach a NAT gateway to the subnet.
+When associating a NAT gateway to a subnet that contains a virtual machine network interface (network interface) in a failed state, you receive an error message indicating that this action can't be performed. You must first resolve the virtual machine network interface failed state before you can attach a NAT gateway to the subnet.
 
-To get your virtual machine NIC out of a failed state, you can use one of the two following methods. 
+To get your virtual machine network interface out of a failed state, you can use one of the two following methods. 
 
-#### Use PowerShell to get your virtual machine NIC out of a failed state
+#### Use PowerShell to get your virtual machine network interface out of a failed state
 
-1. Determine the provisioning state of your NICs using the [Get-AzNetworkInterface PowerShell command](/powershell/module/az.network/get-aznetworkinterface#example-2-get-all-network-interfaces-with-a-specific-provisioning-state) and setting the value of the "provisioningState" to "Succeeded".
+1. Determine the provisioning state of your network interfaces using the [Get-AzNetworkInterface PowerShell command](/powershell/module/az.network/get-aznetworkinterface#example-2-get-all-network-interfaces-with-a-specific-provisioning-state) and setting the value of the "provisioningState" to "Succeeded."
 
-2. Perform [GET/SET PowerShell commands](/powershell/module/az.network/set-aznetworkinterface#example-1-configure-a-network-interface) on the network interface to update the provisioning state.
+1. Perform [GET/SET PowerShell commands](/powershell/module/az.network/set-aznetworkinterface#example-1-configure-a-network-interface) on the network interface. The PowerShell commands update the provisioning state.
 
-3. Check the results of this operation by checking the provisioning state of your NICs again (follow commands from step 1).
+1. Check the results of this operation by checking the provisioning state of your network interfaces again (follow commands from step 1).
 
-#### Use Azure Resource Explorer to get your virtual machine NIC out of a failed state 
+#### Use Azure Resource Explorer to get your virtual machine network interface out of a failed state 
 
 1. Go to [Azure Resource Explorer](https://resources.azure.com/) (recommended to use Microsoft Edge browser) 
 
-2. Expand Subscriptions (takes a few seconds for it to appear on the left) 
+1. Expand Subscriptions (takes a few seconds for it to appear).
 
-3. Expand your subscription that contains the VM NIC in the failed state 
+1. Expand your subscription that contains the virtual machine network interface in the failed state.
 
-4. Expand resourceGroups 
+1. Expand resourceGroups.
 
-5. Expand the correct resource group that contains the VM NIC in the failed state 
+1. Expand the correct resource group that contains the virtual machine network interface in the failed state.
 
-6. Expand providers 
+1. Expand providers.
 
-7. Expand Microsoft.Network 
+1. Expand Microsoft.Network. 
 
-8. Expand networkInterfaces 
+1. Expand networkInterfaces.
 
-9. Select on the NIC that is in the failed provisioning state 
+1. Select on the network interface that is in the failed provisioning state.
 
-10. Select the Read/Write button at the top 
+1. Select the Read/Write button at the top.
 
-11. Select the green GET button 
+1. Select the green GET button.
 
-12. Select the blue EDIT button 
+1. Select the blue EDIT button.
 
-13. Select the green PUT button 
+1. Select the green PUT button.
 
-14. Select Read Only button at the top 
+1. Select Read Only button at the top.
 
-15. The VM NIC should now be in a succeeded provisioning state, you can close your browser 
+1. The virtual machine network interface should now be in a succeeded provisioning state. You can close your browser. 
 
 ## Add or remove public IP addresses
 
@@ -166,15 +167,15 @@ The following IP prefix sizes can be used with NAT gateway:
 
 ### IPv6 coexistence
 
-[NAT gateway](nat-overview.md) supports IPv4 UDP and TCP protocols. NAT gateway can't be associated to an IPv6 Public IP address or IPv6 Public IP Prefix. NAT gateway can be deployed on a dual stack subnet, but only uses IPv4 Public IP addresses for directing outbound traffic. Deploy NAT gateway on a dual stack subnet when you need IPv6 resources to exist in the same subnet as IPv4 resources. See [Configure dual stack outbound connectivity with NAT gateway and public Load balancer](/azure/virtual-network/nat-gateway/tutorial-dual-stack-outbound-nat-load-balancer?tabs=dual-stack-outbound-portal) to learn how to provide IPv4 and IPv6 outbound connectivity from your dual stack subnet.
+[NAT gateway](nat-overview.md) supports IPv4 UDP and TCP protocols. NAT gateway can't be associated to an IPv6 Public IP address or IPv6 Public IP Prefix. NAT gateway can be deployed on a dual stack subnet, but only uses IPv4 Public IP addresses for directing outbound traffic. Deploy NAT gateway on a dual stack subnet when you need IPv6 resources to exist in the same subnet as IPv4 resources. For more information about how to provide IPv4 and IPv6 outbound connectivity from your dual stack subnet, see [Dual stack outbound connectivity with NAT gateway and public Load balancer](/azure/virtual-network/nat-gateway/tutorial-dual-stack-outbound-nat-load-balancer?tabs=dual-stack-outbound-portal).
 
-### Can't use basic SKU public IPs with NAT gateway 
+### Can't use basic public IPs with NAT gateway 
 
-NAT gateway is a standard SKU resource and can't be used with basic SKU resources, including basic public IP addresses. You can upgrade your basic SKU public IP address in order to use with your NAT gateway using the following guidance: [Upgrade a public IP address](../virtual-network/ip-services/public-ip-upgrade-portal.md) 
+NAT gateway is a standard resource and can't be used with basic resources, including basic public IP addresses. You can upgrade your basic public IP address in order to use with your NAT gateway using the following guidance: [Upgrade a public IP address.](../virtual-network/ip-services/public-ip-upgrade-portal.md) 
 
 ### Can't mismatch zones of public IP addresses and NAT gateway 
 
-NAT gateway is a [zonal resource](./nat-availability-zones.md) and can either be designated to a specific zone or to ‘no zone’. When NAT gateway is placed in ‘no zone’, Azure places the NAT gateway into a zone for you, but you don't have visibility into which zone the NAT gateway is located. 
+NAT gateway is a [zonal resource](./nat-availability-zones.md) and can either be designated to a specific zone or to "no zone." When NAT gateway is placed in "no zone," Azure places the NAT gateway into a zone for you, but you don't have visibility into which zone the NAT gateway is located. 
 
 NAT gateway can be used with public IP addresses designated to a specific zone, no zone, all zones (zone-redundant) depending on its own availability zone configuration.
 
@@ -189,19 +190,21 @@ NAT gateway can be used with public IP addresses designated to a specific zone,
 ## More troubleshooting guidance
 
 If the issue you're experiencing isn't covered by this article, refer to the other NAT gateway troubleshooting articles:
-* [Troubleshoot outbound connectivity with NAT Gateway](/azure/nat-gateway/troubleshoot-nat-connectivity)
-* [Troubleshoot outbound connectivity with NAT Gateway and other Azure services](/azure/nat-gateway/troubleshoot-nat-and-azure-services)
+
+* [Troubleshoot outbound connectivity with NAT Gateway](/azure/nat-gateway/troubleshoot-nat-connectivity).
+
+* [Troubleshoot outbound connectivity with NAT Gateway and other Azure services](/azure/nat-gateway/troubleshoot-nat-and-azure-services).
 
 ## Next steps
 
-We're always looking to improve the experience of our customers. If you're experiencing issues with NAT gateway that aren't listed or resolved by this article, submit feedback through GitHub via the bottom of this page. We'll address your feedback as soon as possible. 
+If you're experiencing issues with NAT gateway not listed or resolved by this article, submit feedback through GitHub via the bottom of this page. We address your feedback as soon as possible to improve the experience of our customers.
 
 To learn more about NAT gateway, see:
 
-* [Azure NAT Gateway](nat-overview.md)
+* [What is Azure NAT Gateway?](nat-overview.md).
 
-* [NAT gateway resource](nat-gateway-resource.md)
+* [Azure NAT gateway resource](nat-gateway-resource.md).
 
-* [Manage NAT gateway](./manage-nat-gateway.md)
+* [Manage a NAT gateway](./manage-nat-gateway.md).
 
 * [Metrics and alerts for NAT gateway resources](nat-metrics.md).
