lukasbe12
Contributor
Contributor

NAT Rules on Tier 1 Gateway in NSX-T 3.0

Hello

I’m testing NSX-T 3.0. As I understand, i can assign an uplink to a Tier-0 router to the physical environment, but then, for example, i can create the NAT rules on the linked Tier-1 router. I can assign a segment to the Tier-1 gateway and create the NAT rules on the Tier-0 gateway , which then work . However, if I want to create the rules on the Tier 1 gateway, they will not work. I also noticed that in the HOL LAB environment with NSX-T 2.5, when creating a NAT rule on the Tier-1 router under “ Apply to ”, the Tier-0 Interface is displayed. However, when I install it in NSX-T 3.0, I cannot see the Interface in Tier-1 Nat Rules. I have already deleted all gateways (Tier-1 and Tier-0) in the HOL Lab and created them as in my environment, the interface is always displayed, but not in my environment.

As it should be in the VMware HOL Lab with NSX-T 2.5:

Interface on the Tier-0 gateway:

nsx-1.png

In the Tier-1 NAT rules under “ Apply To ” I can find the interface (this is missing in my NSX-T 3.0 installation):

nsx-2.png

nsx-3.png

When I create NAT rules on the Tier-1 Gateway, which also work, I can see the interface on Tier-0 NAT Rules:
nsx-4.png

But not on the Tier 1 Gateway (Tier 1 Gateway is linked to Tier 0 Gateway & NAT Rues i defined on Tier-0 works to VMs on the Tier-1 Gateway):
nsx-5.png

My route advertisement settings on the Tier-1 (although I can also remove all settings in the HOL LAB environment and the interface is still displayed on the Tier-1 router):
nsx-6.png

And on Tier 0 (Again, however, I can remove everything in the HOL LAB and the interface is still displayed (Clearly the rules then no longer work):

nsx-7.png

Does anyone have an idea why when I create NAT rules on the Tier-1 gateway, the interface from Tier-0 is not displayed? I Think this is the Problem, that the NAT Rules on the Tier-1 Router not working.

0 Kudos
1 Reply
p0wertje
Hot Shot
Hot Shot

Hi,

I do not use apply to and it works fine. (in this case it is a SNAT from private subnet to a public IP)

pastedImage_0.png

On the T0 i see the specific .162: (as a t1n = tier-1 nat)

pastedImage_1.png

Also on the upstream router i see the ip:

pastedImage_2.png

Can you check the routing tables on the T0 and the uplink router ?

Cheers,
p0wertje | VCIX6-NV | JNCIS-ENT
Please kudo helpful posts and mark the thread as solved if solved
0 Kudos