Verify that SNAT and DNAT rules are working correctly.

Procedure

  1. Log in the NSX Edge.
  2. Run get logical-routers to determine the VRF number for the tier-0 services router.
  3. Enter the tier-0 services router context by running the vrf <number> command.
  4. Run the get route command and make sure that the tier-1 NAT address appears.
    nsx-edge(tier0_sr)> get route
    
    Flags: c - connected, s - static, b - BGP, ns - nsx_static
    nc - nsx_connected, rl - router_link, t0n: Tier0-NAT, t1n: Tier1-NAT
    
    Total number of routes: 8
    
    t1n  80.80.80.1/32        [3/3]         via 169.0.0.1
    ...
    
  5. If your Web VM is set up to serve Web pages, make sure you can open a Web page at http://80.80.80.1.
  6. Make sure that the tier-0 router's upstream neighbor in the physical architecture can ping 80.80.80.1.
  7. While the ping is still running, check the stats column for the DNAT rule.

    There should be one active session.