Home > Data Protection > PowerProtect Data Manager > White Papers > Cloud Disaster Recovery Best Practices > NAT
It is recommended to use a public IPv4 for the CDRA in order to prevent network issues with deployment and protection to the cloud. While officially it was not qualified, working with NAT should work, and there are several customers working with a CDRA that uses NAT.
Leveraging a VPN connection between your on-premises and your cloud account is supported only for those who work with a Cloud DR Add-on. It is not supported with RecoverPoint for VMs or with PowerProtect Data Manager.
Make sure your VPN connection is already configured before deploying Cloud DR. There should be a VPC on your AWS account or a Vnet on your Azure subscription that is connected to your on-premises environment.
If you are using Network ACL, make sure none are blocking the connectivity of the Cloud DR components.
The CDRA must have access to AWS/Azure service endpoints, including access to S3/Storage Accounts for uploading protected VMs data.
For detailed instructions about deploying Cloud DR and using a VPN connection, review the information in VPN.
If your Azure Vnet has a custom DNS servers list, the DNS servers must be able to resolve file names that were uploaded to the storage account. If they cannot do that, you will need to add the Azure DNS server 168.63.129.16 to your custom servers list before attempting to deploy. For additional information refer to: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances