VMware Cloud Community
TimR26
Enthusiast

looking for NAT/Firewall/Static Routing guidance

Hello,

I'm very new to vCloud Network and Security. I have been reading the documentation, but it can be confusing for me. I have attached a diagram to help provide context as to what I'm trying to achieve. Keep in mind the IP addressing was changed for security purposes. Address ranges are not accurate but are there for context.

We have a routed org with a single VM vApp, directly connected to VDC-Net. This is a Linux server. We have a vShield Edge appliance. There are no firewall rules, NAT, or static routes configured. Essentially a fresh deployment. The owner of the server would like to be able to connect to a Linux repo for updates, etc.

For testing purposes, I disabled the vShield firewall to allow all traffic through. From the Linux server I was able to ping both addresses assigned to the vShield Edge (192.168.1.1 and 10.10.16.17), but I could not ping 10.10.2.140. This leads me to believe the vShield Edge does not know how to route packets between 192.168.1.0/24 and 10.10.0.0/16.

I've been reading, and from what I'm gathering I need to configure NAT and firewall rules to achieve this. I've googled everything I can and now I'm just confused. Can someone please provide me with some guidance?

Accepted Solution

Sreec
VMware Employee

vShield Edge routing functionality is similar to any traditional router's. By default it can only discover directly attached networks and route the packets; in this case 192.168.1.0/24 and 10.10.16.0/16 are direct networks. So if you need to reach any other private network, we need to define a static route (since dynamic routing is not supported/configurable in vShield Edges). For Linux VM 192.168.1.10/24 to reach the public network, define a NAT in the vShield Edge NAT rules and allow it with the appropriate firewall rules.

Cheers,
Sree | VCIX-5X | VCAP-5X | vExpert 6x | Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered

View solution in original post

Reply
0 Kudos
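As an added illustration, not part of the thread and not vShield Edge's own code: a small Python model of the forwarding decision Sree describes. Connected networks are learned from the interfaces, anything beyond them needs a static route (longest-prefix match picks the most specific one), and after routing a firewall pass and a source-NAT rule are applied. Only 192.168.1.1/24, 10.10.16.17, 192.168.1.10 and 10.10.2.140 come from the thread; the /24 on the external side, the upstream gateway 10.10.16.1, the firewall policy and the 203.0.113.10 destination are constructed assumptions, and the SNAT rule is simplified to "internal subnet leaving the external interface gets the edge's external address".

```python
# Added example (not from the thread): modelling the vShield Edge forwarding
# decision the accepted answer describes. Routing is longest-prefix match over
# connected + static routes; the firewall and NAT steps are applied afterwards.
from ipaddress import ip_address, ip_interface, ip_network

# Interfaces from the thread: internal 192.168.1.1/24 and external 10.10.16.17.
# The /24 on the external side is an ASSUMPTION (the thread gives only the address).
EDGE_INTERFACES = {
    "internal": ip_interface("192.168.1.1/24"),
    "external": ip_interface("10.10.16.17/24"),  # assumed prefix length
}
UPSTREAM_GATEWAY = ip_address("10.10.16.1")   # hypothetical next hop on the external side


def connected_routes(interfaces):
    """Routes the edge discovers on its own: one per directly attached network (no next hop)."""
    return [(iface.network, None, name) for name, iface in interfaces.items()]


def add_static_route(routes, prefix, next_hop, interfaces):
    """Add a static route; the egress interface is the connected network that holds the next hop."""
    next_hop = ip_address(next_hop)
    for name, iface in interfaces.items():
        if next_hop in iface.network:
            return routes + [(ip_network(prefix), next_hop, name)]
    raise ValueError(f"next hop {next_hop} is not on a directly attached network")


def lookup(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins; None if no route."""
    dst = ip_address(dst)
    best = None
    for net, next_hop, iface in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    return best


# Constructed firewall policy: (source, destination, protocol, destination ports, action).
# Only what repository updates need is allowed; anything else falls to the default deny.
FIREWALL = [
    (ip_network("192.168.1.0/24"), ip_network("0.0.0.0/0"), "tcp", {80, 443}, "allow"),
    (ip_network("192.168.1.0/24"), ip_network("0.0.0.0/0"), "udp", {53}, "allow"),
]
DEFAULT_ACTION = "deny"


def firewall_decision(src, dst, proto, dport):
    """First matching rule wins, like an ordered firewall rule set."""
    src, dst = ip_address(src), ip_address(dst)
    for rule_src, rule_dst, rule_proto, ports, action in FIREWALL:
        if src in rule_src and dst in rule_dst and proto == rule_proto and dport in ports:
            return action
    return DEFAULT_ACTION


def source_nat(src, egress, interfaces):
    """Simplified SNAT rule: internal sources leaving the external interface are
    rewritten to the edge's external address; everything else is left untouched."""
    src = ip_address(src)
    if egress == "external" and src in interfaces["internal"].network:
        return interfaces["external"].ip
    return src


def forward(routes, src, dst, proto, dport, interfaces=EDGE_INTERFACES):
    """One forwarding decision: route, then firewall, then NAT. Returns a summary dict."""
    route = lookup(routes, dst)
    if route is None:
        return {"routed": False, "reason": "no route to destination"}
    _net, next_hop, egress = route
    action = firewall_decision(src, dst, proto, dport)
    return {
        "routed": True,
        "egress": egress,
        "next_hop": None if next_hop is None else str(next_hop),
        "firewall": action,
        "translated_src": str(source_nat(src, egress, interfaces)) if action == "allow" else None,
    }


if __name__ == "__main__":
    routes = connected_routes(EDGE_INTERFACES)
    print(forward(routes, "192.168.1.10", "10.10.2.140", "tcp", 443))   # no route yet
    routes = add_static_route(routes, "10.10.0.0/16", UPSTREAM_GATEWAY, EDGE_INTERFACES)
    routes = add_static_route(routes, "0.0.0.0/0", UPSTREAM_GATEWAY, EDGE_INTERFACES)
    print(forward(routes, "192.168.1.10", "10.10.2.140", "tcp", 443))   # via static route
    print(forward(routes, "192.168.1.10", "203.0.113.10", "tcp", 443))  # default route + SNAT
    print(forward(routes, "192.168.1.10", "203.0.113.10", "tcp", 22))   # blocked by firewall
```

Running it shows the symptom from the question: with only the two connected routes, 10.10.2.140 has no route, and it becomes reachable once the 10.10.0.0/16 static route exists; a host on the attached external /24 still goes out directly because the more specific connected route wins. The firewall rows are a deliberately narrow allow list with default deny, which is the shape to aim for when the vShield firewall is turned back on after the test.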