NAT Rules for NSX Integration

vCloud Director NAT (Network Address Translation) service translates source or destination IP addresses and port numbers. In the most common case, you associate a NAT service with an uplink interface on an Edge Gateway so that addresses on organization VDC networks are not exposed on the external network.

You can view/create/edit/delete NAT rules using OnApp Control Panel.

This functionality is available for users with the vCloud Organization Administrator role.

Create NAT Rules

To add a new NAT rule for NSX integration:

Go to your Control Panel > Cloud > Edge Gateways > Edge gateway's label > Nat Service tab.
Click the "+" button.
On the page that appears specify the following parameters:
For DNAT rules:
- Applied on - select the vCloud Director external network where the rule will be applied
- Protocol - select the type of protocol (TCP, UDP, ICMP or Any)
- Original IP - specify the original IP address to apply this rule on
- Original port - specify the port of original IP address
- Translated IP - specify the IP address to translate the addresses of outgoing packets to
- Translated port - specify the port of translated IP address
- Description - add description if any

For SNAT rules:

- Applied on - select the vCloud Director external network where the rule will be applied
- Original IP - specify original IP address to apply this rule on and click the "?" icon to configure IP nets and IP ranges
- IP Net - select an IP net from which the original IP address should be assigned
- IP Range - select an IP range from which the original IP address should be assigned
- Translated IP - specify the IP address to translate the addresses of outgoing packets to and click the "?" icon to configure IP nets and IP ranges
- IP Net - select an IP range from which the translated IP address should be assigned
- IP Range - select an IP range from which the translated IP address should be assigned
- Description - add description if any

4. Click the Apply Rules button to save the changes.

Edit NAT Rule

Go to your Control Panel > Cloud > Edge Gateways > Edge gateway's label > Nat Service tab.
Click the icon next to the NAT rule, which you want to edit.
On the page that appears change the following parameters:
For DNAT rules:
- Applied on - select the vCloud Director external network where the rule will be applied
- Protocol - select the type of protocol (TCP, UDP, ICMP or Any)
- Original IP - specify the original IP address to apply this rule on
- Original port - specify the port of original IP address
- Translated IP - specify the IP address to translate the addresses of outgoing packets to
- Translated port - the port of translated IP address
- Description - add description if any

For SNAT rules:

- Applied on - select the vCloud Director external network where the rule will be applied
- Original IP - specify original IP address to apply this rule on and click the "?" icon to configure IP nets and IP ranges
- IP Net - select an IP net from which the original IP address should be assigned
- IP Range - select an IP range from which the original IP address should be assigned
- Translated IP - specify the IP address to translate the addresses of outgoing packets to and click the "?" icon to configure IP nets and IP ranges
- IP Net - select an IP net from which the translated IP address should be assigned
- IP Range - select an IP range from which the translated IP address should be assigned
- Description - add description if any

4. Click the Apply Rules button to save the changes.

Delete NAT Rules

To delete a NAT rule:

Go to your Control Panel > Cloud > Edge Gateways > Edge gateway's label
Click the Nat Service tab.
On the page that appears you will see the list of all NAT rules.
Select a rule from the list, and then click the button above the table.
Click the Save button to apply the changes.

See also: