When a tier-0 logical router is running in Active-Active ECMP mode, you cannot configure stateful NAT where asymmetrical paths might cause issues. For Active-Active ECMP routers, you can use reflexive NAT (sometimes called stateless NAT).
The tier-0 router must have two uplinks connected to a VLAN-based logical switch. See Connect a Tier-0 Logical Router to a VLAN Logical Switch.
The tier-0 router must have routing (static or BGP) and route redistribution configured on its uplinks to the physical architecture. See Configure a Static Route, Configure BGP on a Tier-0 Logical Router, and Enable Route Redistribution on the Tier-0 Logical Router.
The tier-1 routers must each have an uplink to a tier-0 router configured. Tenant2NAT must be backed by an edge cluster. See Attach Tier-0 and Tier-1.
The tier-1 routers must have downlink ports and route advertisement configured. See Add Downlink Ports for the Tier-1 Logical Router and Configure Route Advertisement on a Tier-1 Logical Router.
The VMs must be attached to the correct logical switches.
- From your browser, log in to an NSX Manager at https://nsx-manager-ip-address.
- Select Routing.
- Click a tier-0 logical router on which you want to configure reflexive NAT.
- Select .
- Click ADD.
- Specify a priority value.
  A lower value means a higher precedence for this rule.
- For the Action, select Reflexive.
- For the Source IP address, enter the outside IP address of the VM.
  In this example, the source IP is 220.127.116.11.
- For the Translated IP address, enter the inside IP address for the VM.
  In this example, the translated IP address is 172.16.10.10.
- For the Destination IP address, you can leave it blank or enter an IP address.
  If you leave Destination IP blank, the NAT applies to all destinations outside of the local subnet.
- Enable the rule.
- (Optional) Enable logging.
The new rule is listed under NAT.
What to do next
Configure the tier-1 router to advertise NAT routes.
To advertise the NAT routes upstream from the tier-0 router to the physical architecture, configure the tier-0 router to advertise tier-1 NAT routes.
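The following is an added example, not taken from the product documentation: a simplified Python model of two Active-Active edge nodes, showing why per-node connection state fails when a reply returns through the other node while a stateless 1:1 (reflexive) mapping does not. The addresses 220.127.116.11 and 172.16.10.10 come from the procedure above; the peer address, class names, and function names are constructed for illustration.

```python
OUTSIDE_IP = "220.127.116.11"  # outside address from the procedure above
INSIDE_IP = "172.16.10.10"     # inside address from the procedure above
PEER = "198.51.100.7"          # constructed external peer (documentation range)

class StatefulEdge:
    """Edge node that only translates replies for flows it forwarded itself."""
    def __init__(self):
        self.flows = set()  # (peer, outside_ip) pairs seen on the way out

    def outbound(self, src, dst):
        if src != INSIDE_IP:
            return src, dst
        self.flows.add((dst, OUTSIDE_IP))
        return OUTSIDE_IP, dst

    def inbound(self, src, dst):
        if (src, dst) not in self.flows:
            return None  # no connection state on this node: reply is dropped
        return src, INSIDE_IP

class ReflexiveEdge:
    """Edge node applying a fixed 1:1 mapping in both directions, no state."""
    def outbound(self, src, dst):
        return (OUTSIDE_IP if src == INSIDE_IP else src), dst

    def inbound(self, src, dst):
        return src, (INSIDE_IP if dst == OUTSIDE_IP else dst)

def round_trip(edges, out_idx, in_idx):
    """VM sends to PEER via edges[out_idx]; the reply enters via edges[in_idx].

    Returns the (src, dst) of the reply as delivered toward the VM, or None
    if the edge node dropped it.
    """
    src, dst = edges[out_idx].outbound(INSIDE_IP, PEER)
    return edges[in_idx].inbound(dst, src)  # reply swaps source and destination

if __name__ == "__main__":
    for kind in (StatefulEdge, ReflexiveEdge):
        for out_idx, in_idx in ((0, 0), (0, 1)):
            result = round_trip([kind(), kind()], out_idx, in_idx)
            path = "symmetric" if out_idx == in_idx else "asymmetric"
            print(f"{kind.__name__:13} {path:10} -> {result}")
```

The model ignores ports, protocols, and how the physical network selects a path; it only isolates the dependence on per-node state.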