You can configure NAT and NAT 64 rules on a tier-0 or tier-1 gateway.
- NAT64 is only supported for external IPv6 traffic coming in through the NSX-T edge uplink to the IPv4 server in the overlay.
- NAT64 supports TCP and UDP only; packets of all other protocol types are discarded. NAT64 does not support ICMP, fragmentation, or IPv6 packets that have extension headers.
When a NAT64 rule and an inline load balancer are configured on the same edge node, using the NAT64 rule to direct IPv6 packets to the IPv4 inline load balancer is not supported.
You can also disable SNAT or DNAT for an IP address or a range of addresses. If an address has multiple NAT rules, the rule with the highest priority is applied.
SNAT configured on a tier-0 gateway's external interface processes traffic from a tier-1 gateway, and from another external interface on the tier-0 gateway.
- From your browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address>.
- Select .
- Select a gateway.
- Next to View, select NAT or NAT64.
- Click Add NAT Rule or Add NAT 64 Rule.
- Enter a Name.
- If you are configuring NAT, select an action. For NAT 64, the action is NAT64.
| NAT Option | Description |
|---|---|
| Tier-1 gateway | Available actions are SNAT, DNAT, Reflexive, NO SNAT, and NO DNAT. |
| Tier-0 gateway in active-standby mode | Available actions are SNAT, DNAT, NO SNAT, and NO DNAT. |
| Tier-0 gateway in active-active mode | The available action is Reflexive. |
- Enter a Source. If this text box is left blank, the NAT rule applies to all sources outside of the local subnet.
| Option | Description |
|---|---|
| NAT | Specify an IP address, or an IP address range in CIDR format. For SNAT, NO_SNAT and REFLEXIVE rules, this is a mandatory text box and represents the source network of the packets leaving the network. |
| NAT64 | Enter an IPv6 address, or an IPv6 CIDR. |
- (Required) Enter a Destination.
| Option | Description |
|---|---|
| NAT | Specify an IP address, or an IP address range in CIDR format. |
| NAT64 | Enter an IPv6 address, or an IPv6 address range in CIDR format with the prefix /96. The prefix /96 is supported because the destination IPv4 IP is embedded as the last 4 bytes in the IPv6 address. |
- Enter a value for Translated IP.
| Option | Description |
|---|---|
| NAT | Specify an IPv4 address, or an IP address range in CIDR format. |
| NAT64 | Specify an IPv4 address, a comma-separated list of IPv4 addresses, or an IPv4 address range. IPv4 CIDR is not supported. |
- Toggle Enable to enable the rule.
- In the Service column, click Set to select services. See Add a Service for more information. For NAT 64, select a pre-defined service or create a user-defined service with TCP or UDP, with the source/destination port as Any, or a specific port.
- For Apply To, click Set and select objects that this rule applies to.
The available objects are Tier-0 Gateways, Interfaces, Labels, Service Instance Endpoints, and Virtual Endpoints.
Note: If you are using Federation and creating a NAT rule from a Global Manager appliance, you can select site-specific IP addresses for NAT. You can apply the NAT rule to any of the following location spans:
- Do not click Set if you want to use the default option of applying the NAT rule to all locations.
- Click Set. In the Apply To dialog box, select the locations whose entities you want to apply the rule to and then select Apply NAT rule to all entities.
- Click Set. In the Apply To dialog box, select a location and then select Interfaces from the Categories drop-down menu. You can select specific interfaces to which you want to apply the NAT rule.
- Enter a value for Translated Port.
- Select a firewall setting.
NAT: Available settings are:
- Match External Address - The packet is processed by firewall rules that match the combination of translated IP address and translated port.
- Match Internal Address - The packet is processed by firewall rules that match the combination of original IP address and original port.
- Bypass - The packet bypasses firewall rules.
NAT64: The available setting is Bypass - the packet bypasses firewall rules.
- (Optional) Toggle the logging button to enable logging.
- Specify a priority value.
A lower value means a higher priority. The default is 0.
- Click Save.
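The NAT64 constraints from the steps above (destination as a single IPv6 address or a /96 prefix with the IPv4 address in the last 4 bytes, translated IP without CIDR, TCP or UDP only, Bypass as the only firewall setting, lowest priority value wins) can be checked before a rule is entered. This is an added example, not VMware code: the dictionary keys are hypothetical and are not the NSX API schema, the `a-b` range notation is an assumption, and the addresses are constructed from documentation ranges.

```python
import ipaddress

# Hypothetical rule layout for this example only; these keys are not the NSX API schema.
ALLOWED_PROTOCOLS = {"TCP", "UDP"}  # per the page, all other protocols are discarded


def embedded_ipv4(ipv6_addr):
    """Return the IPv4 address carried in the last 4 bytes of an IPv6 address."""
    packed = ipaddress.IPv6Address(ipv6_addr).packed
    return ipaddress.IPv4Address(packed[-4:])


def _translated_ok(value):
    """Accept an IPv4 address, a comma-separated list, or an a-b range; reject CIDR."""
    if "/" in value:
        return False
    try:
        for item in value.split(","):
            ends = [ipaddress.IPv4Address(p.strip()) for p in item.split("-")]
            if len(ends) > 2 or (len(ends) == 2 and ends[0] > ends[1]):
                return False
    except ValueError:
        return False
    return True


def check_nat64_rule(rule):
    """Return a list of problems found in a NAT64 rule described as a dict."""
    problems = []
    try:
        dest = ipaddress.IPv6Network(rule["destination"], strict=False)
        if dest.prefixlen not in (96, 128):  # a bare address parses as /128
            problems.append("destination must be an IPv6 address or a /96 prefix")
    except ValueError:
        problems.append("destination is not a valid IPv6 address or CIDR")
    if not _translated_ok(rule["translated_ip"]):
        problems.append("translated IP must be an IPv4 address, list or range, not CIDR")
    if rule["protocol"].upper() not in ALLOWED_PROTOCOLS:
        problems.append("NAT64 translates only TCP and UDP")
    if rule["firewall"].lower() != "bypass":
        problems.append("NAT64 supports only the Bypass firewall setting")
    return problems


def effective_rule(rules):
    """Pick the rule applied when several match: the lowest priority value wins."""
    return min(rules, key=lambda r: r.get("priority", 0))
```

Because Bypass is the only firewall setting for NAT64, traffic matched by such a rule is not evaluated by the gateway firewall, so filtering for the IPv4 server has to be enforced elsewhere.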