When a tier-0 or tier-1 logical router is running in active-active mode, you cannot configure stateful NAT where asymmetrical paths might cause issues. For active-active routers, you can use reflexive NAT, which is sometimes called stateless NAT.

For reflexive NAT, you can configure a single source address to be translated, or a range of addresses. If you configure a range of source addresses, you must also configure a range of translated addresses. The size of the two ranges must be the same. The address translation will be deterministic, meaning that the first address in the source address range will be translated to the first address in the translated address range, the second address in the source range will be translated to the second address in the translated range, and so on.
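The size check and the positional mapping described above can be worked out before a rule is entered, and the reverse lookup helps attribute a translated address seen in logs back to its source. The following Python sketch is an added example, not NSX or VMware code; the function names and the sample ranges are assumptions made for illustration.

```python
import ipaddress


def parse_range(value):
    """Parse a single IP or a CIDR range; CIDRs with host bits set are rejected."""
    return ipaddress.ip_network(value, strict=True)


def check_ranges(source, translated):
    """Return (source_net, translated_net), or raise ValueError if sizes differ."""
    src, dst = parse_range(source), parse_range(translated)
    if src.version != dst.version:
        raise ValueError("source and translated ranges must use the same IP version")
    if src.num_addresses != dst.num_addresses:
        raise ValueError(
            f"range sizes differ: {src} has {src.num_addresses} addresses, "
            f"{dst} has {dst.num_addresses}"
        )
    return src, dst


def _shift(addr, from_net, to_net):
    """Move addr from from_net to the same position in to_net."""
    ip = ipaddress.ip_address(addr)
    if ip not in from_net:
        raise ValueError(f"{ip} is not in {from_net}")
    offset = int(ip) - int(from_net.network_address)
    return str(to_net.network_address + offset)


def translate(addr, source, translated):
    """Source address -> translated address (first maps to first, and so on)."""
    src, dst = check_ranges(source, translated)
    return _shift(addr, src, dst)


def reverse(addr, source, translated):
    """Translated address (for example, from a log line) -> original source."""
    src, dst = check_ranges(source, translated)
    return _shift(addr, dst, src)


if __name__ == "__main__":
    # Constructed sample ranges (RFC 1918 and RFC 5737 documentation space).
    SRC, DST = "10.1.1.0/28", "192.0.2.16/28"
    for host in ("10.1.1.0", "10.1.1.1", "10.1.1.15"):
        print(f"{host} -> {translate(host, SRC, DST)}")
    print(f"192.0.2.20 <- {reverse('192.0.2.20', SRC, DST)}")
```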

Prerequisites

Verify that Manager mode is selected in the NSX Manager user interface. See NSX Manager. If you do not see the Policy and Manager mode buttons, see Configure User Interface Settings.

Procedure

  1. From your browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address>.
  2. Locate the logical router you want to modify in Networking > Tier-0 Logical Routers or Networking > Tier-1 Logical Routers.
  3. Click the tier-0 or tier-1 logical router on which you want to configure reflexive NAT.
  4. Select Services > NAT.
  5. Click ADD.
  6. Specify a priority value.
    A lower value means a higher precedence for this rule.
  7. For Action, select Reflexive.
  8. For Source IP, specify an IP address or an IP address range in CIDR format.
  9. For Translated IP, specify an IP address or an IP address range in CIDR format.
  10. (Optional) Set the status of the rule.
    The rule is enabled by default.
  11. (Optional) Change the logging status.
    Logging is disabled by default.
  12. (Optional) Change the firewall bypass setting.
    The setting is enabled by default.

Results

The new rule is listed under NAT.