diff --git a/lib/types/workload.go b/lib/types/workload.go
index 7cb2cff..2f03f4c 100644
--- a/lib/types/workload.go
+++ b/lib/types/workload.go
@@ -107,14 +107,15 @@ type AzureWorkloadConfig struct {
 }

 type NetworkConfig struct {
- VnetCidr string `yaml:"vnet_cidr"`
- PublicSubnetCidr string `yaml:"public_subnet_cidr"`
- PrivateSubnetCidr string `yaml:"private_subnet_cidr"`
- DbSubnetCidr string `yaml:"db_subnet_cidr"`
- NetAppSubnetCidr string `yaml:"netapp_subnet_cidr"`
- AppGatewaySubnetCidr string `yaml:"app_gateway_subnet_cidr"`
- ProvisionedVnetID string `yaml:"provisioned_vnet_id"`
- VnetRsgName string `yaml:"vnet_rsg_name"`
+ VnetCidr string `yaml:"vnet_cidr"`
+ PublicSubnetCidr string `yaml:"public_subnet_cidr"`
+ PrivateSubnetCidr string `yaml:"private_subnet_cidr"`
+ PrivateSubnetRouteTableID string `yaml:"private_subnet_route_table_id"`
+ DbSubnetCidr string `yaml:"db_subnet_cidr"`
+ NetAppSubnetCidr string `yaml:"netapp_subnet_cidr"`
+ AppGatewaySubnetCidr string `yaml:"app_gateway_subnet_cidr"`
+ ProvisionedVnetID string `yaml:"provisioned_vnet_id"`
+ VnetRsgName string `yaml:"vnet_rsg_name"`
 }

 // AzureUserNodePoolConfig defines configuration for a single user node pool in AKS
diff --git a/python-pulumi/src/ptd/azure_workload.py b/python-pulumi/src/ptd/azure_workload.py
index dae9a08..32f46ad 100644
--- a/python-pulumi/src/ptd/azure_workload.py
+++ b/python-pulumi/src/ptd/azure_workload.py
@@ -32,6 +32,7 @@ class NetworkConfig:
 public_subnet_cidr: str | None = None
 vnet_rsg_name: str | None = None
 dns_forward_domains: list[dict[str, str]] = dataclasses.field(default_factory=list)
+ private_subnet_route_table_id: str | None = None

 def __post_init__(self):
 """Validate DNS forward domain entries if configured."""
diff --git a/python-pulumi/src/ptd/pulumi_resources/azure_workload_persistent.py b/python-pulumi/src/ptd/pulumi_resources/azure_workload_persistent.py
index b097580..2ac41eb 100644
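Review bot: `PrivateSubnetRouteTableID` in `NetworkConfig` (lib/types/workload.go) is added without a comment saying what value it expects, and neither the field name nor the YAML key makes clear whether a name or a full resource ID is wanted. Elsewhere in this commit the value is passed as a sub-resource `id`, so it is presumably the full Azure resource ID of an existing route table. I would add `// PrivateSubnetRouteTableID is the resource ID of an existing route table to associate with the private subnet; empty means no association.` above the field. The struct itself also has no doc comment, unlike `AzureUserNodePoolConfig` directly below it.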
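Review bot: `private_subnet_route_table_id` in the `NetworkConfig` dataclass (python-pulumi/src/ptd/azure_workload.py) is accepted as any string, while `__post_init__` just below it, going by its docstring, validates only the DNS forward domains. A typo or a bare route table name would then presumably surface only when the subnet update is rejected at deploy time. Since the value ends up as a sub-resource `id` on the private subnet, a cheap shape check would fail earlier, for example `if self.private_subnet_route_table_id and "/providers/microsoft.network/routetables/" not in self.private_subnet_route_table_id.lower(): raise ValueError("private_subnet_route_table_id must be a route table resource ID")`. The body of `__post_init__` is outside the hunk, so the check has to be fitted around whatever is already there.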
--- a/python-pulumi/src/ptd/pulumi_resources/azure_workload_persistent.py
+++ b/python-pulumi/src/ptd/pulumi_resources/azure_workload_persistent.py
@@ -177,11 +177,6 @@ def _define_vnet(self):
 resource_group_name=self.vnet_rsg_name,
 virtual_network_name=self.vnet_name,
 address_prefix=self.workload.cfg.network.private_subnet_cidr,
- **(
- {"nat_gateway": network.SubResourceArgs(id=self.nat_gw.id)}
- if self.workload.cfg.network.public_subnet_cidr
- else {}
- ),
 service_endpoints=[
 network.ServiceEndpointPropertiesFormatArgs(
 locations=[self.workload.cfg.region],
@@ -193,6 +188,16 @@ def _define_vnet(self):
 ),
 ],
 network_security_group=network.SubResourceArgs(id=private_nsg.id),
+ **(
+ {"nat_gateway": network.SubResourceArgs(id=self.nat_gw.id)}
+ if self.workload.cfg.network.public_subnet_cidr
+ else {}
+ ),
+ **(
+ {"route_table": network.SubResourceArgs(id=self.workload.cfg.network.private_subnet_route_table_id)}
+ if self.workload.cfg.network.private_subnet_route_table_id
+ else {}
+ ),
 opts=pulumi.ResourceOptions(
 parent=self.vnet if hasattr(self, "vnet") and self.vnet else None,
 protect=self.workload.cfg.protect_persistent_resources,
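Review bot: When both `public_subnet_cidr` and `private_subnet_route_table_id` are set, the second hunk of `_define_vnet` attaches a NAT gateway and a route table that this stack does not define to the private subnet, and the two added `**(...)` blocks do not say which one governs egress. In Azure a user-defined default route to a virtual appliance or gateway takes effect ahead of the NAT gateway, so the referenced table can change the subnet's outbound path, and any egress filtering that is assumed, without a change in this program. I would say so above the `route_table` block, e.g. `# route_table is managed outside this stack; a 0.0.0.0/0 route in it takes precedence over nat_gateway for egress`, and consider a `pulumi.log.warn` when both are configured. The call these keyword arguments belong to starts and ends outside the hunk.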