Source NAT (SNAT) changes the source address in the IP header of a packet. It can also change the source port in the TCP/UDP headers. The typical usage is to change a private (RFC 1918) address/port into a public address/port for packets leaving your network.

You can create a rule to either enable or disable source NAT.

In this example, as packets are received from the web VM, the Tenant2NAT tier-1 router changes the source IP address of the packets from 172.16.10.10 to 80.80.80.1. Having a public source IP address enables destinations outside of the private network to route back to the original source.

Prerequisites

Procedure

  1. From your browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address>.
  2. Select Networking > Tier-0 Logical Routers.
  3. Click a tier-1 logical router on which you want to configure NAT.
  4. Select Services > NAT.
  5. Click ADD.
  6. Specify a priority value.
    A lower value means a higher precedence for this rule.
  7. For Action, select SNAT to enable source NAT, or NO_SNAT to disable source NAT.
  8. Select the protocol type.
    By default, Any Protocol is selected.
  9. (Optional) For Source IP, specify an IP address or an IP address range in CIDR format.
    If you leave this field blank, all sources on the router's downlink ports are translated. In this example, the source IP address is 172.16.10.10.
  10. (Optional) For Destination IP, specify an IP address or an IP address range in CIDR format.
    If you leave this field blank, the NAT applies to all destinations outside of the local subnet.
  11. If Action is SNAT, for Translated IP, specify an IP address or an IP address range in CIDR format.
    In this example, the translated IP address is 80.80.80.1.
  12. (Optional) For Applied To, select a router port.
  13. (Optional) Set the status of the rule.
    The rule is enabled by default.
  14. (Optional) Change the logging status.
    Logging is disabled by default.
  15. (Optional) Change the firewall bypass setting.
    The setting is enabled by default.
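
The following Python sketch is an added example, not NSX code or part of the original procedure. It models how the fields set in steps 6 to 15 interact, assuming the first matching enabled rule in priority order decides the outcome, and it flags the logging and firewall bypass defaults for review. The field names, the NO_SNAT rule, and the destination addresses are hypothetical and constructed for illustration.

```python
# Simplified model of the rule fields in the procedure above.
# Field names are hypothetical and are not the NSX API schema.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class NatRule:
    priority: int                      # lower value = higher precedence (step 6)
    action: str                        # "SNAT" or "NO_SNAT" (step 7)
    source: Optional[str] = None       # blank matches all sources (step 9)
    destination: Optional[str] = None  # blank matches all destinations (step 10)
    translated: Optional[str] = None   # single address only in this model (step 11)
    enabled: bool = True               # default from step 13
    logging: bool = False              # default from step 14
    firewall_bypass: bool = True       # default from step 15

def _matches(cidr, addr):
    # A blank field matches everything; otherwise test CIDR membership.
    return cidr is None or ip_address(addr) in ip_network(cidr, strict=False)

def translate(rules, src, dst):
    """Return the source address the packet leaves with (assumed first match wins)."""
    for r in sorted((r for r in rules if r.enabled), key=lambda r: r.priority):
        if _matches(r.source, src) and _matches(r.destination, dst):
            return r.translated if r.action == "SNAT" else src
    return src  # no rule matched: address unchanged

def review(rules):
    """List (priority, finding) pairs for settings left at their defaults."""
    findings = []
    for r in rules:
        if r.action == "SNAT" and not r.translated:
            findings.append((r.priority, "SNAT rule has no translated IP"))
        if r.enabled and not r.logging:
            findings.append((r.priority, "logging disabled"))
        if r.enabled and r.firewall_bypass:
            findings.append((r.priority, "firewall bypass enabled"))
    return findings

# Constructed sample: the page's SNAT rule plus a hypothetical NO_SNAT exemption.
RULES = [
    NatRule(priority=1024, action="SNAT", source="172.16.10.10", translated="80.80.80.1"),
    NatRule(priority=100, action="NO_SNAT", source="172.16.10.0/24", destination="10.0.0.0/8"),
]

if __name__ == "__main__":
    print(translate(RULES, "172.16.10.10", "203.0.113.5"))
    print(translate(RULES, "172.16.10.10", "10.1.2.3"))
    print(review(RULES))
```
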

Results

The new rule is listed under NAT.

What to do next

Configure the tier-1 router to advertise NAT routes.

To advertise the NAT routes upstream from the tier-0 router to the physical architecture, configure the tier-0 router to advertise tier-1 NAT routes.