# How to Create a NAT Gateway A Virtual Private Cloud (VPC) is a private network interface for collections of DigitalOcean resources. VPC networks are inaccessible from the public internet and other VPC networks, and traffic on them doesn’t count against bandwidth usage. You can link VPC networks to each other using VPC peering connections. VPC Network Address Translation (NAT) Gateway is a software-defined NAT Gateway service that centralizes outbound internet access for VPC resources within a datacenter. This enables isolating backend IPs while maintaining secure internet access. You can create NAT gateways using the control panel, the command line `doctl`, or the DigitalOcean API. ## Create a NAT Gateway Using the CLI To create a NAT gateway, you need to provide the ID of a VPC network to place the gateway in. You can find a list of your VPC networks and their IDs using the [`doctl vpcs list`](https://docs.digitalocean.com/reference/doctl/reference/compute/region/list/index.html.md) command. ## How to Create a NAT Gateway Using the DigitalOcean CLI 1. [Install `doctl`](https://docs.digitalocean.com/reference/doctl/how-to/install/index.html.md), the official DigitalOcean CLI. 2. [Create a personal access token](https://docs.digitalocean.com/reference/api/create-personal-access-token/index.html.md) and save it for use with `doctl`. 3. Use the token to grant `doctl` access to your DigitalOcean account. ```shell doctl auth init ``` 4. Finally, run `doctl compute vpc-nat-gateway create`. Basic usage looks like this, but you can [read the usage docs](https://docs.digitalocean.com/reference/doctl/reference/compute/vpc-nat-gateway/create/index.html.md) for more details: ```shell doctl compute vpc-nat-gateway create [flags] ``` When provisioning of the gateway starts, the state of the gateway displayed in the `State` column, updates to `PROVISIONING` instead of `NEW`. Then, it changes to `ACTIVE` when the provisioning process completes. Next, you can set up your backend resources to route traffic through the gateway, as described in [How to Configure Droplets for NAT Gateway](https://docs.digitalocean.com/products/networking/vpc/how-to/configure-droplet-nat-gateway/index.html.md) or [How to Configure DOKS for NAT Gateway](https://docs.digitalocean.com/products/networking/vpc/how-to/configure-doks-nat-gateway/index.html.md). ## Create a NAT Gateway Using the API To create a NAT gateway, you need to provide the ID of a VPC network. You can find a list of your VPC networks and their IDs by using the [`/v2/vpcs`](https://docs.digitalocean.com/reference/api/digitalocean/index.html.md#operation/vpcs_list) endpoint. ## How to Create a NAT Gateway Using the DigitalOcean API 1. [Create a personal access token](https://docs.digitalocean.com/reference/api/create-personal-access-token/index.html.md) and save it for use with the API. 2. Send a POST request to [`https://api.digitalocean.com/v2/vpc_nat_gateways`](https://docs.digitalocean.com/reference/api/digitalocean//index.html.md#operation/vpcnatgateways_create). ### cURL Using cURL: ```shell curl -X POST \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $DIGITALOCEAN_TOKEN" \ -d '{ "name": "test-vpc-nat-gateways", "type": "PUBLIC", "region": "tor1", "size": 1, "vpcs": [ { "vpc_uuid": "0eb1752f-807b-4562-a077-8018e13ab1fb", "default_gateway": true } ], "udp_timeout_seconds": 30, "icmp_timeout_seconds": 30, "tcp_timeout_seconds": 30 }' \ "https://api.digitalocean.com/v2/vpc_nat_gateways" ``` The `state` of the gateway is `NEW` until `PROVISIONING` starts, then it becomes `ACTIVE` when the provisioning process completes. Read [How to Configure Droplets for NAT Gateway](https://docs.digitalocean.com/products/networking/vpc/how-to/configure-droplet-nat-gateway/index.html.md) or [How to Configure DOKS for NAT Gateway](https://docs.digitalocean.com/products/networking/vpc/how-to/configure-doks-nat-gateway/index.html.md) to set up your backend resources to route traffic through the gateway. ## Create a NAT Gateway Using the Control Panel To create a NAT gateway using the control panel, click **Networking** in the left menu, then click the **VPC** tab. In the **VPC** tab, click **Actions**, then **Create a NAT Gateway**. On the **Create NAT Gateway** page, configure the following options: ### Choose a region Choose the NAT gateway’s datacenter region. ### Select a VPC Select a VPC network from any datacenter within the chosen region. The VPC network list is automatically filtered based on the selected region and the search terms. ### Choose a size The NAT gateway’s size scales the cost, available bandwidth, and outbound data transfer allotment. ### Timeouts Enter the desired idle timeouts in seconds for TCP, UDP, and ICMP connections. #### Set as default IP route for this VPC Select this checkbox to set this NAT gateway as the default IP route for the VPC network. Droplets configured to use the VPC gateway IP automatically route through the default NAT gateway. Only one NAT gateway can be set as the default gateway for a VPC at a time. Read [How to Configure Droplets for NAT Gateway](https://docs.digitalocean.com/products/networking/vpc/how-to/configure-droplet-nat-gateway/index.html.md) for instructions. ### Finalize Finalize the NAT gateway by optionally creating a unique name for it. You can change the name at any time. Review your total cost in the summary area at the upper-right corner of the control panel, then click **Create NAT Gateway** to create the NAT gateway. After the provisioning completes, you can see an overview of the NAT gateway’s configuration and costs in the **Overview** tab. ![NAT Gateway overview tab showing configuration details, monthly cost, associated VPC network, public IP address, and routing table IP address.](https://docs.digitalocean.com/screenshots/vpc/nat-gateway-overview.41bf938c4a54d941db01de4046dc94b9c91b50c3088fd52fcb33f01e804867d8.png) Note the **Routing table IP address**, which you need to configure your Droplet or DOKS routing tables to send traffic through the gateway. Read [How to Configure Droplets for NAT Gateway](https://docs.digitalocean.com/products/networking/vpc/how-to/configure-droplet-nat-gateway/index.html.md) or [How to Configure DOKS for NAT Gateway](https://docs.digitalocean.com/products/networking/vpc/how-to/configure-doks-nat-gateway/index.html.md) for instructions.