Source NAT (SNAT) changes the source address in the IP header of a packet. It can also change the source port in the TCP/UDP headers. The typical usage is to change a private (rfc1918) address/port into a public address/port for packets leaving your network.

About this task

In this example, as packets are received from the web VM, the Tenant2NAT tier-1 router changes the source port of the packets from 172.16.10.10 to 80.80.80.1. Having a public source address enables destinations outside of the private network to route back to the original source.

Prerequisites

Procedure

  1. From your browser, log in to an NSX Manager at https://nsx-manager-ip-address.
  2. Select Routing.
  3. Click a tier-1 logical router on which you want to configure NAT.
  4. Select Services > NAT.
  5. Click ADD.
  6. Specify a priority value.

    A lower value means a higher precedence for this rule.

  7. For the Action, select SNAT.
  8. Select the protocol type.

    By default, Any Protocol is selected.

  9. For the Source IP address, enter the inside IP address of the VM.

    If you leave the source IP blank, all sources on router's downlink ports are translated. In this example, the source IP is 172.16.10.10.

  10. For the Translated IP address, enter the outside IP address for the VM.

    Note that the outside/translated IP address does not need to be configured on the VM. Only the NAT router needs to know about the translated IP address.

    In this example, the translated IP address is 80.80.80.1.

  11. For the Destination IP address, you can leave it blank or enter an IP address.

    If you leave Destination IP blank, the NAT applies to all destinations outside of the local subnet.

  12. Enable the rule.
  13. (Optional) : Enable logging.

Results

The new rule is listed under NAT. For example:

What to do next

Configure the tier-1 router to advertise NAT routes.

To advertise the NAT routes upstream from the tier-0 router to the physical architecture, configure the tier-0 router to advertise tier-1 NAT routes.