I have a client connecting to my Azure Virtual Network Gateway (Gateway1) that sits in a Virtual Network (ClientVNet1: 10.13.0.0/16). I want the client to be able to connect to my DB (10.4.2.5) in a different Virtual Network (InternalVnet1: 10.4.0.0/16). I have the VNets successfully peered and connecting to the DB works fine from the client.
I want to add a layer of indirection and have the client connect to 10.13.2.5 (which will forward traffic to 10.4.2.5). I tried to set up a Route Table (for the GatewaySubnet in the ClientVNet1) that forwards all source traffic from 10.13.2.5 to a firewall (Firewall1) in the InternalVnet1. Then in the firewall I tried to set up a DNAT to redirect to 10.4.2.5. This doesn't seem to work. Is this the correct way to go about doing this?
Or do I need to set up a private IP (network interface) with IP Forwarding Enabled, then associate it to a VM that acts as an NVA (Network Virtual Appliance)?
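Added example, not part of the question above: a small model of the intended hop sequence (a destination-based route-table lookup with longest-prefix match, followed by the DNAT rewrite on the firewall) using the addresses from the question. The route entries and the firewall private IP 10.4.1.4 are assumptions for illustration; Azure UDR address prefixes match the packet's destination, so the indirection address is expressed as a /32 destination prefix here.

```python
import ipaddress

# Constructed route table for the GatewaySubnet in ClientVNet1 (10.13.0.0/16).
# Each entry: (destination prefix, next hop type, next hop IP).
# Firewall1's private IP 10.4.1.4 is an assumed value, not from the question.
ROUTES = [
    ("10.13.0.0/16", "VnetLocal", None),
    ("10.4.0.0/16", "VNetPeering", None),
    ("10.13.2.5/32", "VirtualAppliance", "10.4.1.4"),
]

# Constructed DNAT table on Firewall1: original destination -> translated destination.
DNAT = {"10.13.2.5": "10.4.2.5"}


def lookup_route(dst: str):
    """Return (next_hop_type, next_hop_ip) for the most specific route matching dst.

    Matching is on the destination address only; a more specific prefix
    (e.g. /32) wins over a broader one (/16) that also contains dst.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop_type, hop_ip in ROUTES:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop_type, hop_ip)
    return (best[1], best[2]) if best else ("None", None)


def trace_packet(dst: str):
    """Follow a client packet through the UDR and, if steered to the firewall, its DNAT.

    Returns (hops, final_destination). The hop list records the route decision,
    the appliance the packet is handed to, and the destination after DNAT.
    """
    hops = []
    hop_type, hop_ip = lookup_route(dst)
    hops.append(f"udr:{hop_type}")
    if hop_type == "VirtualAppliance":
        hops.append(f"nva:{hop_ip}")
        dst = DNAT.get(dst, dst)  # firewall rewrites the destination address
        hops.append(f"dnat:{dst}")
    return hops, dst
```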