VMware Cloud Community
Mokshir

vShield Networking - Configure NAT Rules directly in vShield Manager

Hi

I have been trying to set up a NAT rule to enable access for users from an external network, which is not routable to the internal network, from the vSphere Client, i.e. the plugin for vShield Manager. I did not find any documentation on how to do this. Now, if I set up a load balancer it automatically creates a NAT rule. Not sure why I can't do the same using NAT only. Has anyone out there done basic NAT using vShield Edge between two separate (L2) networks?


Accepted Solutions
Mokshir

I figured out what was wrong with my setup. The Edge is deployed in our lab, where we have the internal network accessing the external but not the other way round. As a result we had a different gateway on the VM and hence return traffic never returned to the Edge gateway. So it was a problem with my knowledge of NAT.

The following article helped very much:

http://kickingwaterbottles.wordpress.com/2013/08/12/hairpin-nat-nat-hairpinning-with-vshield-edge/

Thanks,

Mohit Kshirsagar

4 Replies
TommyFreddy

Please have a look, it may help you: http://www.vmware.com/pdf/vshield_501_admin.pdf

0v3rc10ck3d

Create a source NAT rule applied on the external network connection (the most external); that could be directly to a pool of public IPs or to your internal network outside of vCloud, depending on how you have it set up.

Choose the original inside (inside of vCloud) network that you want to be able to get out, such as 192.168.1.0/24.

Choose the external IP that you want to NAT to, such as 74.210.157.12, or an IP on your public network (this needs to be sub-allocated to the specific Edge Gateway).

Then create a firewall rule: source internal, destination external, any any any any.

VCIX6 - NV | VCAP5 - DCA / DCD / CID | vExpert 2014,2015,2016 | http://www.vcrumbs.com - My Virtualization Blog!
Mokshir

I am a little confused by the previous answer. I thought we use DNAT for external-to-internal translation. Here is a picture of what I want to do using a NAT rule on the vShield Edge. NOTE: I am not using vCloud Director. I am connecting to the vShield Manager directly.

10.11.8.0 is the external network, 172.30.100.0 is the internal network. The gateway for the Edge device is 10.11.8.1 on the external network.

[attached image: network diagram]

I am logging into the vShield Manager directly and have configured the DNAT rule.

[attached image: DNAT rule as configured in vShield Manager]

I use vCenter Log Insight for logging and this is what I get in the logs:

[attached image: Log Insight output]

Not sure what it is that I am doing wrong here..

PLEASE HELP....!!

Mohit

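Putting the accepted solution together with the earlier SNAT reply: the DNAT rule on the Edge was fine, but the published VM had a default gateway that was not the Edge, so the reply to the external client left through that other router, never got un-translated, and the client saw an answer from 172.30.100.x instead of from the Edge's external address. The two fixes are either to point the VM's default gateway at the Edge, or to add an SNAT rule that rewrites the client source to the Edge's internal address (the "hairpin" trick from the linked article), so the VM answers a directly connected address and the reply always comes back through the Edge. The following model, added here as an example and not code from the thread or from VMware, walks the packet through both cases. Only the two subnets come from the thread; every host address (Edge 10.11.8.10 / 172.30.100.1, server 172.30.100.20, client 10.11.8.50, second router 172.30.100.254) is assumed for the illustration, and the Edge's own upstream gateway 10.11.8.1 is not modelled.

```python
"""Model of the thread's setup: a vShield Edge doing DNAT between the external
network 10.11.8.0/24 and the internal network 172.30.100.0/24.

Constructed example. The subnets are the ones from the thread; all host
addresses below are assumptions made for the illustration.
"""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

EXTERNAL = ip_network("10.11.8.0/24")
INTERNAL = ip_network("172.30.100.0/24")
EDGE_EXT_IP = "10.11.8.10"      # assumed: Edge address on the external vnic
EDGE_INT_IP = "172.30.100.1"    # assumed: Edge address on the internal vnic
OTHER_GW = "172.30.100.254"     # assumed: the lab router the VM was pointed at
SERVER = "172.30.100.20"        # assumed: internal VM being published
CLIENT = "10.11.8.50"           # assumed: external client


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


class Edge:
    """Stateful NAT on the Edge: DNAT for packets arriving on the external
    vnic, optional SNAT of the client source (hairpin), and reverse
    translation of replies that come back through the Edge."""

    def __init__(self, dnat, snat=None):
        self.dnat = dnat      # (external ip, port) -> (internal ip, port)
        self.snat = snat      # None, or address the client source is rewritten to
        self.conntrack = {}   # translated 4-tuple -> original inbound packet

    def inbound(self, pkt):
        key = (pkt.dst, pkt.dport)
        if key not in self.dnat:
            return None       # no DNAT rule: nothing is published on that socket
        new_dst, new_port = self.dnat[key]
        out = replace(pkt, dst=new_dst, dport=new_port)
        if self.snat:
            out = replace(out, src=self.snat)
        self.conntrack[(out.dst, out.dport, out.src, out.sport)] = pkt
        return out

    def reply(self, pkt):
        """Un-translate a reply from the VM; None if the flow is unknown."""
        orig = self.conntrack.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if orig is None:
            return None
        return Packet(src=orig.dst, dst=orig.src, sport=orig.dport, dport=orig.sport)


def vm_next_hop(pkt, default_gw):
    """Simplified VM routing: directly connected subnet, otherwise default gateway."""
    if ip_address(pkt.dst) in INTERNAL:
        return pkt.dst
    return default_gw


def simulate(hairpin, vm_default_gw=OTHER_GW):
    """Client 10.11.8.50 connects to 10.11.8.10:80, published to 172.30.100.20:80.

    Returns (reply as seen by the client, or None if it bypassed the Edge,
             next hop the VM chose for its reply)."""
    edge = Edge(dnat={(EDGE_EXT_IP, 80): (SERVER, 80)},
                snat=EDGE_INT_IP if hairpin else None)
    request = Packet(CLIENT, EDGE_EXT_IP, 40000, 80)
    at_server = edge.inbound(request)
    reply = Packet(at_server.dst, at_server.src, at_server.dport, at_server.sport)
    hop = vm_next_hop(reply, vm_default_gw)
    if hop != EDGE_INT_IP:
        # The reply leaves via another router and never passes the Edge, so the
        # client sees 172.30.100.20:80 answering instead of 10.11.8.10:80 and
        # discards it: exactly the symptom in the thread.
        return None, hop
    return edge.reply(reply), hop


if __name__ == "__main__":
    print("DNAT only, VM gateway elsewhere :", simulate(False))
    print("DNAT only, VM gateway is Edge   :", simulate(False, vm_default_gw=EDGE_INT_IP))
    print("DNAT + SNAT hairpin             :", simulate(True))
```

The trade-off of the SNAT variant is visible in the model: once the client source is rewritten, the server only ever sees 172.30.100.1 as its peer, so its own logs lose the real client address and you have to rely on Edge logging (the Log Insight feed the poster already has) for attribution. Pointing the VM's default gateway at the Edge keeps the client address intact but requires every published VM to route through the Edge.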