NAT Rules on Tier 1 Gateway in NSX-T 3.0


I’m testing NSX-T 3.0. As I understand, i can assign an uplink to a Tier-0 router to the physical environment, but then, for example, i can create the NAT rules on the linked Tier-1 router. I can assign a segment to the Tier-1 gateway and create the NAT rules on the Tier-0 gateway , which then work . However, if I want to create the rules on the Tier 1 gateway, they will not work. I also noticed that in the HOL LAB environment with NSX-T 2.5, when creating a NAT rule on the Tier-1 router under “ Apply to ”, the Tier-0 Interface is displayed. However, when I install it in NSX-T 3.0, I cannot see the Interface in Tier-1 Nat Rules. I have already deleted all gateways (Tier-1 and Tier-0) in the HOL Lab and created them as in my environment, the interface is always displayed, but not in my environment.

As it should be in the VMware HOL Lab with NSX-T 2.5:

Interface on the Tier-0 gateway:


In the Tier-1 NAT rules under “ Apply To ” I can find the interface (this is missing in my NSX-T 3.0 installation):



When I create NAT rules on the Tier-1 Gateway, which also work, I can see the interface on Tier-0 NAT Rules:

But not on the Tier 1 Gateway (Tier 1 Gateway is linked to Tier 0 Gateway & NAT Rues i defined on Tier-0 works to VMs on the Tier-1 Gateway):

My route advertisement settings on the Tier-1 (although I can also remove all settings in the HOL LAB environment and the interface is still displayed on the Tier-1 router):

And on Tier 0 (Again, however, I can remove everything in the HOL LAB and the interface is still displayed (Clearly the rules then no longer work):


Does anyone have an idea why when I create NAT rules on the Tier-1 gateway, the interface from Tier-0 is not displayed? I Think this is the Problem, that the NAT Rules on the Tier-1 Router not working.

0 Kudos
1 Reply
Hot Shot
Hot Shot


I do not use apply to and it works fine. (in this case it is a SNAT from private subnet to a public IP)


On the T0 i see the specific .162: (as a t1n = tier-1 nat)


Also on the upstream router i see the ip:


Can you check the routing tables on the T0 and the uplink router ?

p0wertje | VCIX6-NV | JNCIS-ENT | vExpert
Please kudo helpful posts and mark the thread as solved if solved
0 Kudos