NSX Cloud supports enabling NAT on NSX-managed VMs.
About this task
You can enable North-South traffic on VMs in overlay mode using AWS tags.
Apply the nsx:publicip tag to the VM or interface, with the EIP from AWS as its value, for example, 188.8.131.52
Make sure the EIP you provide here is free to use. If you assign an EIP that was previously associated with any other instance or private IP, NAT does not work. In that case, unassign the EIP, remove the nsx:publicip tag on the VM or interface, and add it again.
After this tag is applied, the following configurations take place behind the scenes:
A secondary IP is allocated on the uplink interface of CGW. This IP is associated with the EIP specified in the tag’s value.
One SNAT rule and one DNAT rule are created in NSX Manager, mapping the overlay private IP of this VM to the secondary IP and vice versa. For example:
SNAT: 192.168.10.25 -> 10.201.1.3
DNAT: 10.20.1.3 -> 192.168.10.25
Two levels of NAT take place in each direction.
Outbound, from the VM:
From the VM’s overlay IP to the CGW’s secondary IP
From the CGW’s secondary IP to the EIP in AWS
Inbound, to the VM:
From the EIP to the CGW’s secondary IP in AWS
From the AWS secondary IP to the VM’s overlay IP in CGW
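The requirement above that the EIP be free can be checked before the nsx:publicip tag is applied. The following is an added example, not part of the NSX Cloud documentation or product: it inspects the "Addresses" list of an EC2 DescribeAddresses response and refuses an EIP that is unallocated or already associated. The function names, the sample addresses and the resource IDs are assumptions constructed for illustration.

```python
import ipaddress

NAT_TAG_KEY = "nsx:publicip"  # tag key named on this page

def check_eip(addresses, eip):
    """Return (ok, reason) for using `eip` as the nsx:publicip tag value.

    `addresses` is the "Addresses" list of an EC2 DescribeAddresses response.
    """
    try:
        if ipaddress.ip_address(eip).version != 4:
            return False, "not an IPv4 address"
    except ValueError:
        return False, "not a valid IP address"
    record = next((a for a in addresses if a.get("PublicIp") == eip), None)
    if record is None:
        return False, "not an EIP allocated in this account and region"
    # An associated EIP carries an AssociationId plus the target it points at.
    if record.get("AssociationId"):
        target = (record.get("InstanceId") or record.get("NetworkInterfaceId")
                  or record.get("PrivateIpAddress") or "unknown target")
        return False, f"already associated with {target}"
    return True, "free to use"

def nat_tag(addresses, eip):
    """Build the tag to apply, refusing an EIP that would leave NAT broken."""
    ok, reason = check_eip(addresses, eip)
    if not ok:
        raise ValueError(f"{eip}: {reason}")
    return {"Key": NAT_TAG_KEY, "Value": eip}

# Constructed sample response (documentation-range addresses, made-up IDs).
SAMPLE_ADDRESSES = [
    {"PublicIp": "203.0.113.10", "AllocationId": "eipalloc-0aaa", "Domain": "vpc"},
    {"PublicIp": "203.0.113.11", "AllocationId": "eipalloc-0bbb", "Domain": "vpc",
     "AssociationId": "eipassoc-0ccc", "InstanceId": "i-0ddd",
     "NetworkInterfaceId": "eni-0eee", "PrivateIpAddress": "10.0.0.5"},
]

if __name__ == "__main__":
    for candidate in ("203.0.113.10", "203.0.113.11", "203.0.113.12"):
        print(candidate, check_eip(SAMPLE_ADDRESSES, candidate))
    # With boto3 the returned dict would go to ec2.create_tags(Resources=[...], Tags=[tag]).
    print(nat_tag(SAMPLE_ADDRESSES, "203.0.113.10"))
```

Running the same check over every VM that already carries the tag also gives an inventory of which overlay workloads are reachable from the internet.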