diff --git a/banyan.tf b/banyan.tf
index 0501480..fafa28c 100644
--- a/banyan.tf
+++ b/banyan.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     banyan = {
       source = "banyansecurity/banyan"
-      version = ">=1.1.0"
+      version = ">=1.2.0"
     }
   }
 }
diff --git a/main.tf b/main.tf
index 0ec72ed..cbf0648 100644
--- a/main.tf
+++ b/main.tf
@@ -110,8 +110,11 @@ resource "google_compute_instance_template" "accesstier_template" {
   network_interface {
     subnetwork = data.google_compute_subnetwork.accesstier_subnet.name
-    access_config {
-      // Ephemeral public IP. Load balancer IP is static and used as access tier endpoint
+    # Set instance to use EIPs when not using NAT
+    dynamic "access_config" {
+      for_each = var.instance_eip == false ? [] : [""]
+      content {
+      }
     }
   }
@@ -125,9 +128,6 @@ resource "google_compute_instance_template" "accesstier_template" {
     "modprobe nf_conntrack \n",
     "echo '65536' > /proc/sys/net/netfilter/nf_conntrack_buckets \n",
     "echo '262144' > /proc/sys/net/netfilter/nf_conntrack_max \n",
-    "# Setting up an iptables DNAT to fix google's UDP load balancers DSR implementation, which forward the traffic with an untranslated destination \n",
-    "apt-get update \n",
-    "export DEBIAN_FRONTEND=noninteractive; apt-get -y install iptables-persistent && echo 'iptables persistent installed' \n",
     "iptables -t nat -I PREROUTING -p udp --dport ${var.tunnel_port} -j DNAT --to-destination $(hostname -i) && echo 'DNAT rule applied' \n",
     "echo 'installing Netagent' \n",
     var.datadog_api_key != null ? "curl -L https://s3.amazonaws.com/dd-agent/scripts/install_script.sh | DD_AGENT_MAJOR_VERSION=7 DD_API_KEY=${var.datadog_api_key} DD_SITE=datadoghq.com bash -v \n" : "",
diff --git a/variables.tf b/variables.tf
index 43bf32f..9ace796 100644
--- a/variables.tf
+++ b/variables.tf
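Review bot: The new comment `# Set instance to use EIPs when not using NAT` promises an EIP, but an empty `content {}` block on `access_config` yields an ephemeral external IP (EIP is AWS terminology; nothing here reserves a static address), so a recreated instance gets a new public address — the removed comment said exactly that and also recorded that the load balancer's static IP is the access tier endpoint, which is the one fact an operator needs to decide whether the instance IP matters. I would keep that rationale and simplify the guard: `# Ephemeral external IP for egress when the subnet has no Cloud NAT; the static LB IP stays the access tier endpoint` above `for_each = var.instance_eip ? [1] : []`. Because `instance_eip` defaults to true, every access tier instance remains publicly addressable unless the operator opts out; if the load balancer is the only intended ingress, that exposure is worth stating in the comment (and a false default considered in a future major version, since flipping it now would alter existing deployments). The `network_interface` block closes inside the hunk, but the enclosing `google_compute_instance_template` resource starts before it.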
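Review bot: Removing the `iptables-persistent` install also removes the only comment explaining why the surviving `iptables -t nat -I PREROUTING ... -j DNAT --to-destination $(hostname -i)` line exists (Google's UDP load balancer delivers packets with an untranslated destination), so the rule is now undocumented next to the place it is applied. I would keep the rationale as a shell comment in the startup script, e.g. `"# DNAT tunnel_port to this host: Google's UDP LB (DSR) forwards packets with an untranslated destination \n",` directly above the iptables line. With `apt-get update` gone as well, the script now presumes `iptables` is already on the base image and that re-running this startup script on every boot makes persistence unnecessary — both presumably true, but worth stating in the same comment so the next reader does not re-add the package. `$(hostname -i)` may expand to several addresses on multi-homed hosts, which would make the rule command fail with only the missing echo as a signal; the startup-script list begins and ends outside this hunk.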
@@ -198,3 +198,9 @@ variable "staging_repo" {
   description = "If set, the staging deb repository will be used for the netagent install. For internal use only."
   default = null
 }
+
+variable "instance_eip" {
+  type = bool
+  description = "If true, configuring an public IP on the instance. If using a NAT, set to false to avoid using a public IP on the instance"
+  default = true
+}
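Review bot: The description on the new `instance_eip` variable reads `configuring an public IP` and is misleading in two ways: the name borrows AWS's Elastic IP term while the instance template only attaches an ephemeral external IP, and it does not say that the load balancer remains the access tier endpoint, so the instance address is needed only for outbound connectivity when the subnet has no Cloud NAT. I would write `description = "If true, attach an ephemeral external IP to each access tier instance for outbound connectivity. Set to false when the subnet has Cloud NAT so instances carry no public IP; the load balancer remains the access tier endpoint either way."`. The default of `true` leaves instances publicly addressable unless the operator opts out, which the description should state plainly as a security-relevant default rather than leaving it implied.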