When a tier-0 or tier-1 logical router is running in active-active mode, you cannot configure stateful NAT where asymmetrical paths might cause issues. For active-active routers, you can use reflexive NAT, which is sometimes called stateless NAT.
For reflexive NAT, you can configure a single source address to be translated, or a range of addresses. If you configure a range of source addresses, you must also configure a range of translated addresses. The size of the two ranges must be the same. The address translation will be deterministic, meaning that the first address in the source address range will be translated to the first address in the translated address range, the second address in the source range will be translated to the second address in the translated range, and so on.
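The range-size and ordering rules above can be checked before the Source IP and Translated IP values are entered. The following Python sketch is an added example, not VMware code; the function names are hypothetical, the addresses are constructed, and rejecting CIDR values that have host bits set is an assumption of this example rather than documented NSX behavior.

```python
import ipaddress


def check_rule(source_ip, translated_ip):
    """Validate a Source IP / Translated IP pair and return both networks."""
    # strict=True rejects values such as 10.1.1.5/28 (assumption of this example);
    # a bare address is parsed as a one-address range (/32 or /128).
    src = ipaddress.ip_network(source_ip, strict=True)
    dst = ipaddress.ip_network(translated_ip, strict=True)
    if src.version != dst.version:
        raise ValueError("source and translated ranges must use the same IP version")
    if src.num_addresses != dst.num_addresses:
        raise ValueError(
            f"range sizes differ: {src} has {src.num_addresses} addresses, "
            f"{dst} has {dst.num_addresses}"
        )
    return src, dst


def translate(source_ip, translated_ip, address):
    """Map an address to its counterpart by position; None if the rule does not match."""
    src, dst = check_rule(source_ip, translated_ip)
    addr = ipaddress.ip_address(address)
    if addr not in src:
        return None
    # Deterministic mapping: the n-th source address maps to the n-th translated address.
    offset = int(addr) - int(src.network_address)
    return str(dst.network_address + offset)


def reverse(source_ip, translated_ip, address):
    """Inverse of translate(): recover the original address from a translated one."""
    return translate(translated_ip, source_ip, address)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    SOURCE, TRANSLATED = "10.1.1.0/30", "192.0.2.16/30"
    src_net, _ = check_rule(SOURCE, TRANSLATED)
    for ip in src_net:
        print(f"{ip} -> {translate(SOURCE, TRANSLATED, str(ip))}")
```

Because the mapping depends only on an address's position in its range, no connection state is needed to compute it in either direction.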
- With admin privileges, log in to NSX Manager.
- Locate the logical router you want to modify in or .
- Click the tier-0 or tier-1 logical router on which you want to configure reflexive NAT.
- Select .
- Click ADD.
- Specify a priority value.
  A lower value means a higher precedence for this rule.
- For Action, select Reflexive.
- For Source IP, specify an IP address or an IP address range in CIDR format.
- For Translated IP, specify an IP address or an IP address range in CIDR format.
- (Optional) Set the status of the rule.
  The rule is enabled by default.
- (Optional) Change the logging status.
  Logging is disabled by default.
- (Optional) Change the firewall bypass setting.
  The setting is enabled by default.
The new rule is listed under NAT. For example: