Advanced Networking Services Guide

- Configuring multiple NAT rules on multiple edge gateway interfaces
IMPORTANT: By default, edge gateways are deployed with firewall rules configured to deny all network
traffic to and from the virtual machines on the edge gateway networks. Also, NAT is disabled by default so
that edge gateways are unable to translate the IP addresses of the incoming and outgoing traffic. You must
configure both firewall and NAT rules on an edge gateway for the virtual machines on an edge gateway
network to be accessible. After you configure a NAT rule, an attempt to ping a virtual machine on the
network still fails until you add a firewall rule that allows the corresponding traffic.
Add an SNAT or DNAT Rule
You can create a source NAT (SNAT) rule to change the source IP address from a public to private IP
address or the reverse. You can create a destination NAT (DNAT) rule to change the destination IP address
from a public to private IP address or the reverse.
When creating NAT rules, you can specify the original and translated IP addresses by using the following
formats:
- IP address; for example, 192.0.2.0
- IP address range; for example, 192.0.2.0-192.0.2.24
- IP address/subnet mask; for example, 192.0.2.0/24
- any
Prerequisites
The translated (public) IP address must have been added to the edge gateway interface on which you want
to add the rule.
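The following pre-flight check is an added example, not code from the guide or from VMware. It parses the four address formats listed above and verifies the prerequisite that the public side of a rule is assigned to the chosen interface. The rule dictionary layout and the names `parse_nat_address` and `preflight` are assumptions made for illustration; the public side is taken to be the original address for DNAT and the translated address for SNAT.

```python
import ipaddress

def parse_nat_address(spec):
    """Return None for "any", else a list of disjoint networks covering spec."""
    spec = spec.strip()
    if spec.lower() == "any":
        return None
    if "-" in spec:  # range, e.g. 192.0.2.0-192.0.2.24
        first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        return list(ipaddress.summarize_address_range(first, last))
    # A single address becomes a /32; address/mask keeps its prefix.
    return [ipaddress.ip_network(spec, strict=False)]

def preflight(rule, interface_ips):
    """Return a list of problems in a NAT rule (hypothetical dict layout)."""
    kind = rule["type"].upper()
    if kind not in ("SNAT", "DNAT"):
        return ["unknown rule type %r" % rule["type"]]
    problems = []
    for field in ("original", "translated"):
        try:
            parse_nat_address(rule[field])
        except (ValueError, TypeError) as exc:
            problems.append("%s: bad address %r (%s)" % (field, rule[field], exc))
    if problems:
        return problems
    # Assumption: DNAT translates from the public address, SNAT to it.
    public_field = "original" if kind == "DNAT" else "translated"
    nets = parse_nat_address(rule[public_field])
    if nets is None:
        return ["%s is 'any'; cannot be matched to an interface address" % public_field]
    assigned = {ipaddress.ip_address(ip) for ip in interface_ips}
    covered = sum(1 for ip in assigned if any(ip in n for n in nets))
    wanted = sum(n.num_addresses for n in nets)
    if covered < wanted:
        problems.append("%s %s: %d of %d addresses not on the interface"
                        % (public_field, rule[public_field], wanted - covered, wanted))
    return problems

# Constructed sample data using documentation address ranges.
IFACE = ["192.0.2.10", "192.0.2.11"]
RULES = [
    {"type": "DNAT", "original": "192.0.2.10", "translated": "10.0.0.5"},
    {"type": "DNAT", "original": "192.0.2.10-192.0.2.12", "translated": "10.0.0.5"},
    {"type": "SNAT", "original": "10.0.0.0/24", "translated": "192.0.2.99"},
]
if __name__ == "__main__":
    for r in RULES:
        print(r["type"], r["original"], "->", r["translated"], preflight(r, IFACE))
```

A rule that passes this check still needs a matching firewall rule before traffic flows, as the IMPORTANT note above states.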
Procedure
1 Log in to vCloud Air and navigate to the vCloud Edge Gateway Services UI.
See “Log In and Navigate to Advanced Networking Services,” on page 9 for information.
2 Click the SSL VPN-Plus tab and NAT.
3 Click the Add icon and choose one of the following options:

| Option | Description |
|---|---|
| Add DNAT Rule | A DNAT rule changes the destination IP address and, optionally, port of inbound packets. |
| Add SNAT Rule | An SNAT rule changes the source IP address and, optionally, port of outgoing packets. |

4 Select the interface on which to apply the rule.
5 Depending on which type of NAT rule you are creating, complete the following options:

Destination NAT (DNAT) (outside -> inside)

| Option | Description |
|---|---|
| Original IP/Range | Specifies the destination IP address to which the rule applies; this address is always the public IP address of the edge gateway for which you are configuring the DNAT rule. Type the required IP address. |
| Protocol | Select the protocol to which the rule applies. |
| Original Port/Range | (Optional) Select the port or port range that the incoming traffic uses on the edge gateway to connect to the internal network on which the virtual machines are connected. |

vCloud Air Advanced Networking Services Guide
68 VMware, Inc.