Problem with Edge device and multiple IP assignments

Hi, I'm having trouble assigning multiple IPs to an edge device.

My platform is normal vdirector 5.5, vshield manager 5.5 and vcenter/esxi 5.5 beneath all that. The same problem also occurred with the 5.0 and 5.1 products.

Usually I assign just one "real" IP per customer vdc, but sometimes there's a need to add more later on. If the first assigned IP is x.x.x.26, for example, and there are a couple of customers who came later on, the new IP addresses can be allocated a little bit further away, like x.x.x.30-33.

When allocating and configuring those new 30-33 IP addresses on the edge device, and applying basic DNAT/SNAT rules, the "stranded" IP which was allocated earlier, .26 in this case, stops working. No traffic, cannot ping, etc.

What could be the problem?

1 Reply

I found that the order of the NAT rules matters. Here is what works for me:

Action, original IP, translated IP

SNAT, original IP: first VM IP, translated IP: first Edge uplink IP

DNAT, original IP: first edge uplink IP, translated IP: first VM IP

SNAT, original IP: second VM IP, translated IP: second Edge uplink IP

DNAT, original IP: second edge uplink IP, translated IP: second VM IP

and so on

Also the "Applied On" interface has to be the uplink interface, regardless of whether it's an SNAT or DNAT rule.

Does that make sense?
