NSX – Configure NAT services to provide access to services running on privately addressed virtual machines

NSX Edge provides network address translation (NAT) service to assign a public address to a computer or group of computers in a private network. Using this technology limits the number of public IP addresses that an organization or company must use, for economy and security purposes. You must configure NAT rules to provide access to services running on privately addressed virtual machines.

The NAT service configuration is separated into source NAT (SNAT) and destination NAT (DNAT) rules.

Below are two examples: the first is DNAT and the second is SNAT.

DNAT

You create a destination NAT (DNAT) rule to change the destination IP address from a public to private IP address or vice versa. The original (public) IP address must have been added to the NSX Edge interface on which you want to add the rule.

SNAT

You create a source NAT (SNAT) rule to change the source IP address from a public to private IP address or vice versa. The translated (public) IP address must have been added to the NSX Edge interface on which you want to add the rule.

Add a DNAT Rule

1. Log in to the vSphere Web Client.
2. Click Networking & Security and then click NSX Edges.
3. Double-click an NSX Edge.
4. Click the Manage tab and then click the NAT tab.
5. Click the Add icon and select Add DNAT Rule.
6. Select the interface on which to apply the DNAT rule.
7. Type the original (public) IP address in one of the following formats.

IP address – 192.0.2.0
IP address range – 192.0.2.0-192.0.2.24
IP address/subnet – 192.0.2.0/24
any

8. Type the protocol.
9. Type the original port or port range.

Port Number – 80
Port Range – 80-89
Any

10. Type the translated IP address in one of the following formats.

IP address – 192.0.2.0
IP address range – 192.0.2.0-192.0.2.24
IP address/subnet – 192.0.2.0/24
any

11. Type the translated port or port range.

Port Number – 80
Port Range – 80-89
Any

12. Select Enabled to enable the rule.
13. Select Enable logging to log the address translation.
14. Click Add to save the rule.

Add an SNAT Rule

1. Log in to the vSphere Web Client.

2. Click Networking & Security and then click NSX Edges.

3. Double-click an NSX Edge.

4. Click the Manage tab and then click the NAT tab.

5. Click the Add icon and select Add SNAT Rule.

6. Select the interface on which to add the rule.

7. Type the original source IP address in one of the following formats.

IP address – 192.0.2.0
IP address range – 192.0.2.0-192.0.2.24
IP address/subnet – 192.0.2.0/24
any

8. Type the translated (public) source IP address in one of the following formats.

IP address – 192.0.2.0
IP address range – 192.0.2.0-192.0.2.24
IP address/subnet – 192.0.2.0/24
any

9. Select Enabled to enable the rule.

10. Click Enable logging to log the address translation.

11. Click OK to add the rule.

12. Click Publish Changes.
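
A DNAT rule publishes a service on a private virtual machine, so it is worth checking the values before saving the rule. The following is an added example, not part of the original article and not NSX code: it parses the address and port formats listed in the steps above and flags a DNAT rule whose original address or port is "any", or that is enabled without logging. The dictionary keys, the 100-port threshold and the sample rules are assumptions made for illustration.

```python
import ipaddress

def parse_addr(value):
    """(first, last) address for the formats listed in the steps; None for 'any'."""
    v = value.strip().lower()
    if v == "any":
        return None
    if "/" in v:                                  # IP address/subnet
        net = ipaddress.ip_network(v, strict=False)
        return net[0], net[-1]
    if "-" in v:                                  # IP address range
        lo, hi = (ipaddress.ip_address(p.strip()) for p in v.split("-", 1))
        if lo > hi:
            raise ValueError(f"reversed address range: {value}")
        return lo, hi
    ip = ipaddress.ip_address(v)                  # single IP address
    return ip, ip

def parse_port(value):
    """(low, high) port for a port number or port range; None for 'any'."""
    v = value.strip().lower()
    if v == "any":
        return None
    lo, _, hi = v.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"invalid port or range: {value}")
    return lo, hi

def audit_dnat(rule):
    """Findings for one DNAT rule; the dict keys are assumed names, not NSX fields."""
    findings = []
    parse_addr(rule["translated_ip"])             # validate format only
    parse_port(rule["translated_port"])
    if parse_addr(rule["original_ip"]) is None:
        findings.append("original IP is 'any'")
    ports = parse_port(rule["original_port"])
    if ports is None:
        findings.append("original port is 'any'")
    elif ports[1] - ports[0] >= 100:              # assumed review threshold
        findings.append("original port range spans 100+ ports")
    if rule["enabled"] and not rule["logging"]:
        findings.append("rule is enabled without logging")
    return findings

# Constructed sample rules, not taken from a real NSX Edge.
TIGHT = {"original_ip": "192.0.2.10", "original_port": "443", "translated_ip": "10.0.0.5",
         "translated_port": "8443", "enabled": True, "logging": True}
LOOSE = dict(TIGHT, original_ip="any", original_port="Any", logging=False)
```

Calling `audit_dnat(LOOSE)` returns three findings, while `audit_dnat(TIGHT)` returns an empty list; a malformed address or port raises `ValueError`.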
