Source NAT (SNAT) changes the source address in the IP header of a packet. It can also change the source port in the TCP/UDP headers. The typical usage is to change a private (rfc1918) address/port into a public address/port for packets leaving your network.
You can create a rule to either enable or disable source NAT.
In this example, as packets are received from the web VM, the Tenant2NAT tier-1 router changes the source IP address of the packets from 172.16.10.10 to 80.80.80.1. Having a public source IP address enables destinations outside of the private network to route back to the original source.
Prerequisites
- The tier-0 router must have an uplink connected to a VLAN-based logical switch. See Connect a Tier-0 Logical Router to a VLAN Logical Switch for the NSX Edge Uplink in Manager Mode.
- The tier-0 router must have routing (static or BGP) and route redistribution configured on its uplink to the physical architecture. See Configure a Static Route in Manager Mode, Configure BGP on a Tier-0 Logical Router in Manager Mode, and Enable Route Redistribution on the Tier-0 Logical Router in Manager Mode.
- The tier-1 routers must each have an uplink to a tier-0 router configured. Tenant2NAT must be backed by an NSX Edge cluster. See Attach Tier-1 Router to a Tier-0 Router in Manager Mode.
- The tier-1 routers must have downlink ports and route advertisement configured. See Add a Downlink Port on a Tier-1 Logical Router in Manager Mode and Configure Route Advertisement on a Tier-1 Logical Router in Manager Mode.
- The VMs must be attached to the correct logical switches.
-
Verify that Manager mode is selected in the NSX Manager user interface. See NSX Manager. If you do not see the Policy and Manager mode buttons, see Configure User Interface Settings.
Procedure
Results
The new rule is listed under NAT. For example:
What to do next
Configure the tier-1 router to advertise NAT routes.
To advertise the NAT routes upstream from the tier-0 router to the physical architecture, configure the tier-0 router to advertise tier-1 NAT routes.