Destination NAT (DNAT) changes the destination address in the IP header of a packet. It can also change the destination port in the TCP/UDP headers. A typical use is to redirect incoming packets addressed to a public address/port to a private IP address/port inside your network.

About this task

In this example, as packets are received from the app VM, the Tenant2NAT tier-1 router changes the destination address of the packets from 172.16.10.10 to 80.80.80.1. Having a public destination address enables a destination inside a private network to be contacted from outside of the private network.

Prerequisites

Procedure

  1. From your browser, log in to an NSX Manager at https://nsx-manager-ip-address.
  2. Select Routing.
  3. Click a tier-1 logical router on which you want to configure NAT.
  4. Under NAT, click Add.
  5. For the Action, select DNAT.
  6. Select the protocol type.

    By default, Any Protocol is selected.

  7. For the Destination IP address, enter the outside IP address of the VM.

    In this example, the destination IP address is 80.80.80.1. Note that the outside IP address does not need to be configured on the VM. Only the NAT router needs to know about the outside IP address.

  8. For the Translated IP address, enter the inside IP address for the VM.

    The inside IP address must be configured on the VM.

    In this example, the inside/translated IP address is 172.16.10.10.

  9. For the Source IP address, you can leave it blank or enter an IP address.

    If you leave Source IP blank, the NAT applies to all sources outside of the local subnet.

  10. Enable the rule.
  11. (Optional) Enable logging.
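The following is an added example, not part of the NSX documentation or product: a small Python model of the rule built in the procedure above, showing which packets it translates and what a blank Source IP, Any Protocol, and disabled logging mean for exposure of the inside VM. The dictionary keys, the second rule, the sample packet addresses, and the first-match ordering are assumptions made for illustration; the model does not represent the local-subnet exclusion mentioned in step 9.

```python
import ipaddress

# Constructed rule records. Keys mirror the form fields in the procedure;
# they are not an NSX export or API schema.
RULES = [
    {"action": "DNAT", "protocol": "Any Protocol", "destination_ip": "80.80.80.1",
     "translated_ip": "172.16.10.10", "source_ip": "", "enabled": True, "logging": False},
    {"action": "DNAT", "protocol": "TCP", "destination_ip": "80.80.80.2",
     "translated_ip": "172.16.10.11", "source_ip": "198.51.100.0/24",
     "enabled": True, "logging": True},
]

def matches(rule, src, dst, proto):
    """True if a packet (src, dst, proto) would be translated by this rule."""
    if not rule["enabled"] or rule["action"] != "DNAT":
        return False
    if rule["protocol"] not in ("Any Protocol", proto):
        return False
    if ipaddress.ip_address(dst) != ipaddress.ip_address(rule["destination_ip"]):
        return False
    # Blank Source IP: the rule itself places no restriction on the sender.
    if rule["source_ip"]:
        net = ipaddress.ip_network(rule["source_ip"], strict=False)
        return ipaddress.ip_address(src) in net
    return True

def translate(rules, src, dst, proto):
    """Destination after DNAT; first match wins (assumed ordering), else unchanged."""
    for rule in rules:
        if matches(rule, src, dst, proto):
            return rule["translated_ip"]
    return dst

def audit(rule):
    """List exposure findings for one enabled DNAT rule."""
    findings = []
    if not rule["enabled"] or rule["action"] != "DNAT":
        return findings
    if not rule["source_ip"]:
        findings.append("source blank: any outside source is translated")
    if rule["protocol"] == "Any Protocol":
        findings.append("Any Protocol: all traffic to the outside IP reaches the VM")
    if not rule["logging"]:
        findings.append("logging disabled: matches are not logged")
    return findings
```

Running `audit` over each rule before enabling it shows which of the three defaults still apply, so the reachability of the inside VM can then be narrowed with a source restriction or firewall rules.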

Results

The new rule is listed under NAT.

What to do next

Configure the tier-1 router to advertise NAT routes.

To advertise the NAT routes upstream from the tier-0 router to the physical architecture, configure the tier-0 router to advertise tier-1 NAT routes.