I tried to make a DNAT rule for a whole network (I want to translate a whole network to another network):
But when I try to ping an address (for example) 10.222.0.12, I see a packet with destination address 10.22.7.203.
How can I translate a whole network one-to-one?
NSX-v (6.4.6)...
Is this NSX-V or NSX-T?
You mention T0 router and the screen capture looks like NSX-T, but you mention NSX-V 6.4.6.
Are you sure you want to configure DNAT? SNAT is more common, where you could, for example, have 10.22.0.0/21 workloads that, when they want to connect to the physical network through T1, would be translated to 10.222.0.0/21. This way the physical network doesn't see 10.22 and only sees 10.222. Would this be what you are trying to accomplish?
I use NSX-v:
I must make 10.22.0.0/21 accessible using 10.222.0.0/21 addresses.
I tried to set up src-nat. When I ping 10.222.0.[any address], the ESG sends ARP requests to resolve the MAC for IP 10.222.0.[address].
I think I must translate using dnat only...
If I understood correctly, you have workloads inside NSX-V that are in the 10.22.0.0/21 network, but you want them to be seen externally as 10.222.0.0/21. Is this correct?
If this is the case, you would need 2 different NAT configurations depending on the direction of the traffic:
1) From inside (10.22.0.0/21) to outside:
- configure SNAT with source as 10.22.0.0/21 and destination ANY
- translated address would be 10.222.0.0/21
2) If you need to expose the 10.22.0.0/21 workloads to the outside, with the source being the outside, you need DNAT:
- configure DNAT with source ANY and destination each individual IP you need to expose using the 10.222.0.0/21 network
- translated address would be the original IP in the 10.22.0.0/21 network
For DNAT you cannot do NAT "overload". Since the flow starts from the outside, you need a 1:1 NAT mapping to know which specific destination the traffic is intended for.
Hope this helps.
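
The 1:1 mapping described in the last reply, as an added example that is not part of the original thread: it derives, for each exposed workload, the 10.222.0.0/21 address with the same host offset and emits one SNAT rule plus one DNAT rule per host. The rule dictionaries and their field names are hypothetical (they are not NSX API objects), and the list of exposed hosts is constructed.

```python
import ipaddress

INTERNAL_NET = "10.22.0.0/21"   # workload network from the thread
EXTERNAL_NET = "10.222.0.0/21"  # network the outside should see


def map_one_to_one(addr, from_net, to_net):
    """Return the address in to_net with the same host offset addr has in from_net."""
    src = ipaddress.ip_network(from_net)
    dst = ipaddress.ip_network(to_net)
    if src.version != dst.version or src.prefixlen != dst.prefixlen:
        raise ValueError("networks must have the same size for a 1:1 mapping")
    ip = ipaddress.ip_address(addr)
    if ip not in src:
        raise ValueError(f"{addr} is not inside {from_net}")
    offset = int(ip) - int(src.network_address)
    return str(dst.network_address + offset)


def build_nat_rules(exposed_hosts, internal=INTERNAL_NET, external=EXTERNAL_NET):
    """One SNAT rule for outbound traffic plus one DNAT rule per exposed host.

    The dictionary keys are hypothetical names chosen for this example.
    """
    rules = [{"action": "snat", "source": internal,
              "destination": "any", "translated": external}]
    # De-duplicate and sort so the generated rule set is stable and reviewable.
    for host in sorted(set(exposed_hosts), key=ipaddress.ip_address):
        rules.append({"action": "dnat", "source": "any",
                      "destination": map_one_to_one(host, internal, external),
                      "translated": host})
    return rules


if __name__ == "__main__":
    # Constructed sample: two workloads to expose.
    for rule in build_nat_rules(["10.22.0.12", "10.22.7.203"]):
        print(rule)
```

Generating the DNAT entries from an explicit host list keeps the exposed set limited to the workloads that actually need inbound access.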