VMware Cloud Community
oliverk
Contributor

Use external ip of VSE for NATing

Hi,

We recently updated from vCloud 1.0.1 to 1.5 and with that all vShield components to v5.

vShield edge deployment runs fine if I create a new routed Org network and the new VSE takes an IP from the pool of the external network.

In version 1.0.1, from vCloud Director I was able to NAT an inside IP to the external IP of the VSE, thus requiring only a single "official" IP to make vApps accessible in a cloud environment.

In version 1.5 with vShield 5 the wizard will not let me NAT to the external IP of the VSE. I have to configure a second IP from the same subnet to be able to NAT to internal VMs. This requires at least two official IPs. In a provider environment official IPs are rare and I don't want to spend twice as many IPs as with version 1.0.1.

Is this a new "feature" of vShield Edge 5 or did I misconfigure something?

To be more specific, here is my setup (IPs changed for security reasons):

External network: 10.1.1.0/24 (vCloud Director uses 10.1.1.200-205 as static pool)

Org-Network: 192.168.0.0/24

VSE external IP: 10.1.1.200

VSE internal IP: 192.168.0.1

VM in internal network: webserver01 with IP 192.168.0.10

Trying to NAT 10.1.1.200 to 192.168.0.10 -> not possible

Adding a second IP to the VSE: 10.1.1.201 -> OK

NATing 10.1.1.201 to 192.168.0.10 -> OK

In this environment, I have to spend 2 official IPs for a single webserver. Formerly, only the 10.1.1.200 was enough to publish as many VMs from the internal network 192.168.0.0/24.

Thanks for your help.

Oliver

0 Kudos
3 Replies
milton123
Hot Shot

For NATing you need at least one public address. Your IPs 10.1.1.201 and 192.168.0.10 are both private IP addresses. So this is not possible in this case.

Cheers, Yours Udin

0 Kudos
oliverk
Contributor

Yes, I know that the IPs mentioned in my example are from private subnets; they are just for example (that's why I wrote I changed the IP addresses for security reasons).

Any other hints?

0 Kudos
oliverk
Contributor

Got a response from VMware support and they told me that this is a known bug in vCloud Director 1.5 and will be solved in the next major release.

It seems that it wasn't possible in the 1.0.1 release either, but we never had any problems here. Probably a bug of a bug 🙂

Regards,

Oliver

0 Kudos