I have numerous Elastic IPs provisioned with NAT rules translating to internal IPs and I've come across an odd behavior. NAT and web access to websites(that resolve to EIP) works perfectly from external Internet sources. However, if any VM, on any VMC network segment, attempts to browse to the URL, the page load times out. However, website will load if you use internal VMC segement IP for the target VM.
I've been unable to determine a CGW rule set that would allow or alter this access. It seems as though any VMC VM cannot access any web servers hosted on a VMC VM utilizing the public DNS URL for any sites hosted in VMC. I've attempted to research a solution, but am coming up empty.
My obvious workaround for this behavior is to set up split DNS, but is not an ideal solution. My on-prem firewalls are capable of handling this sort of NAT behavior and allow access with public DNS URL information.Thereby allowing me to run external DNS only with no requirement for split DNS. Has anyone dealt with this issue and found a NAT Rule/CGW configuration that allows this access to function properly? Appreciate any suggestions.
This is not possible because the public IP address doesn't actually sit inside the SDDC. It's in the shadow VPC that surrounds the SDDC. Traffic from the SDDC can't go outbound to the elastic IP then hairpin back inbound.
Split-DNS or hostfiles are your only answer here.