In vCloud Air, you can create a NAT rule to direct traffic between an external network and your virtual machines on your inside network. When you configure a SNAT or DNAT rule, you always configure the rule from the perspective of vCloud Air.

You configure NAT rules in the following ways:

SNAT: the traffic is traveling from a virtual machine on an internal network in vCloud Air (the source) through the Internet to the external network (the destination).

DNAT: the traffic is traveling from the Internet (the source) to a virtual machine inside vCloud Air (the destination).

See Network Address Translation (NAT) in this guide for more information.

This procedure provides the steps to create a NAT rule by using vCloud Air. For information about creating or editing NAT rules by using vCloud Director, see the following topics in vCloud Director Administrator’s Guide:

Add a Source NAT rule to an Edge Gateway

Add a Destination NAT rule to an Edge Gateway

Before creating a NAT rule, complete the following items:

Verify that you have network administrator privileges.

Obtain the IP addresses of the virtual machines for which you are creating the NAT rules.

1. In the Dashboard tab, click the Gateways tab.

2. Click the gateway for which you want to add a NAT rule.

3. Click the NAT Rules tab.

4. Click the Add button and, from the drop-down menu, choose one of the following options:

Source NAT (SNAT): An SNAT rule changes the source IP address and, optionally, port of outgoing packets. When you create an SNAT rule in vCloud Air, by default the port and protocol are set to “any.” To change the default port and protocol settings for an SNAT rule, edit the settings in vCloud Director.

Destination (DNAT): A DNAT rule changes the destination IP address and, optionally, port of inbound packets.

5. Depending on which type of NAT rule you are creating, complete the following settings:

Source NAT (SNAT) (inside -> outside)

Original (Internal) Source: Enter the original IP address or range of IP addresses to apply to this rule. These addresses are the IP addresses of the virtual machine (or machines) for which you are configuring SNAT so that they can send traffic to the external network.

Translated (External) Source: Specifies the IP address to which source addresses (the virtual machines) on outbound packets are translated when they send traffic to the external network. This address is always the public IP address of the gateway for which you are configuring the SNAT rule. Select the required IP address from the drop-down list.

Destination NAT (DNAT) (outside -> inside)

Original (External) IP: Specifies the destination IP address to which the rule applies; this address is always the public IP address of the gateway for which you are configuring the DNAT rule. Select the required IP address from the drop-down list.

Protocol: Select the protocol to which the rule applies: any, TCP, UDP, TCP/UDP, or ICMP. By default, the protocol is set to “any.”

Original Port/Range: (Optional) Enter the port or port range that the incoming traffic uses on the gateway to connect to the internal network to which the virtual machines are connected.

ICMP type: If you selected ICMP (an error reporting and diagnostic utility used between devices to communicate error information) in the Protocol field, select the ICMP type from the drop-down menu. ICMP messages are identified by the “type” field. By default, the ICMP type is set to “any.”

Translated (Internal) IP/Range: Enter the IP address or a range of IP addresses to which destination addresses on inbound packets will be translated. These addresses are the IP addresses of the virtual machine (or machines) for which you are configuring DNAT so that they can receive traffic from the external network.

Translated Port/Range: (Optional) Enter the port or port range that traffic connects to on the virtual machines on the internal network.

6. Select Enable this rule and click Save.
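Because a DNAT rule defaults to protocol “any” and its port fields are optional, it is worth reviewing each rule definition before you enable it. The following Python check is an added example, not part of vCloud Air or of the original guide; the dictionary keys, the sample addresses, the dash-separated range format, and the reading of an empty port field as “any port” are assumptions made for illustration.

```python
import ipaddress

# Constructed sample values: 203.0.113.10 (documentation range) stands in for
# the gateway's public IP and 192.168.109.0/24 for the internal network.
# Keys mirror the DNAT settings in step 5. Assumptions: ranges are written
# "first-last", and an empty port field means "any port".
GATEWAY_PUBLIC_IPS = {"203.0.113.10"}
INTERNAL_NET = ipaddress.ip_network("192.168.109.0/24")

def parse_range(text):
    """Return (first, last) addresses for 'a.b.c.d' or 'a.b.c.d-e.f.g.h'."""
    first, _, last = text.partition("-")
    lo = ipaddress.ip_address(first.strip())
    hi = ipaddress.ip_address(last.strip()) if last else lo
    if hi < lo:
        raise ValueError(f"reversed range: {text}")
    return lo, hi

def review_dnat(rule):
    """Return a list of findings for one DNAT rule (empty list = no findings)."""
    findings = []
    proto = rule.get("protocol", "any").lower()
    if rule["original_ip"] not in GATEWAY_PUBLIC_IPS:
        findings.append("original IP is not a public IP of this gateway")
    lo, hi = parse_range(rule["translated_ip"])
    if lo not in INTERNAL_NET or hi not in INTERNAL_NET:
        findings.append("translated IP/range falls outside the internal network")
    if proto == "any":
        findings.append("protocol 'any' (the default): rule is not limited to one service")
    elif proto in ("tcp", "udp", "tcp/udp") and not rule.get("original_port"):
        findings.append("no original port: rule is not limited to one port")
    if proto == "icmp" and (rule.get("original_port") or rule.get("translated_port")):
        findings.append("ports have no meaning for ICMP")
    if proto != "icmp" and rule.get("icmp_type", "any") != "any":
        findings.append("ICMP type is set but protocol is not ICMP")
    return findings

RULES = [  # constructed examples
    {"original_ip": "203.0.113.10", "translated_ip": "192.168.109.5"},
    {"original_ip": "203.0.113.10", "protocol": "TCP", "original_port": "443",
     "translated_ip": "192.168.109.5", "translated_port": "8443"},
    {"original_ip": "203.0.113.10", "protocol": "UDP",
     "translated_ip": "192.168.109.5-192.168.110.9"},
]

if __name__ == "__main__":
    for rule in RULES:
        print(rule, "->", review_dnat(rule) or "ok")
```

The first constructed rule keeps every default and is reported as unrestricted; the second, limited to TCP 443, produces no findings.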