You can configure source and destination NAT on a tier-0 logical router that is running in active-standby mode.

You can also disable SNAT or DNAT for an IP address or a range of addresses. If multiple NAT rules apply to an address, the rule with the highest priority is applied.

SNAT configured on a tier-0 logical router's uplink will process traffic from a tier-1 logical router as well as from another uplink on the tier-0 logical router.

Prerequisites

Verify that Manager mode is selected in the NSX Manager user interface. See NSX Manager. If you do not see the Policy and Manager mode buttons, see Configure User Interface Settings.

Procedure

  1. From your browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address>.
  2. Select Networking > Tier-0 Logical Routers.
  3. Click a tier-0 logical router.
  4. Select Services > NAT.
  5. Click ADD to add a NAT rule.
  6. Specify a priority value.
    A lower value means a higher priority.
  7. For Action, select SNAT, DNAT, Reflexive, NO_SNAT, or NO_DNAT.
  8. Select the protocol type.
    By default, Any Protocol is selected.
  9. (Required) For Source IP, specify an IP address or an IP address range in CIDR format.
    If you leave this field blank, this NAT rule applies to all sources outside of the local subnet.
  10. For Destination IP, specify an IP address or an IP address range in CIDR format.
  11. For Translated IP, specify an IP address or an IP address range in CIDR format.
  12. (Optional) If Action is DNAT, for Translated Ports, specify the translated ports.
  13. (Optional) For Applied To, select a router port.
  14. (Optional) Set the status of the rule.
    The rule is enabled by default.
  15. (Optional) Change the logging status.
    Logging is disabled by default.
  16. (Optional) Change the firewall bypass setting.
    The setting is enabled by default.