A company uses Cloud NAT to enable outbound connectivity for private VMs. They notice that some VMs are not able to reach a specific external IP range. The VMs have no tags or service accounts. What is the most likely cause?
Cloud NAT is applied per subnet; VMs in other subnets won't use it unless also configured.
Why this answer
Option C is correct because Cloud NAT uses the source IP address of the VM to determine which NAT IP to use, and if the VM is not in the subnet where Cloud NAT is configured, it won't use that NAT. Option A is wrong because Cloud NAT does not require a default route via the NAT gateway; it works with dynamic routes. Option B is wrong because there is no static route requirement.
Option D is wrong because Cloud NAT does use unique external IPs per VM if configured, but that wouldn't block traffic.