Gateways in Virtual Private Cloud OnDemand support NAT for the virtual machines connected to routed networks. Create a NAT rule to translate a public IPv4 address to and from the private IPv4 address of a virtual machine on your isolated network in Virtual Private Cloud OnDemand.

Virtual Private Cloud OnDemand supports source NAT (SNAT) and destination NAT (DNAT) rules. When you configure an SNAT or a DNAT rule, you always configure the rule from the perspective of Virtual Private Cloud OnDemand. You configure the rules in the following ways:

SNAT: the traffic is traveling from a virtual machine on an isolated network in Virtual Private Cloud OnDemand (the source) through the Internet to the external network (the destination).

DNAT: the traffic is traveling from the Internet (the source) to a virtual machine inside Virtual Private Cloud OnDemand (the destination).

Example for Network Address Translation

Given the example in Figure 1-3, you can add the following NAT rules for VM1 to communicate with the Web server (IP address 209.165.200.225):

SNAT

Original (Internal) Source: 10.0.0.2

Translated (External) Source: 209.165.200.1

DNAT

Original (External) IP: 209.165.200.1

Translated (Internal) IP/Range: 10.0.0.2

This NAT example shows the translation of IP addresses on the private network on the inside of the gateway. When the virtual machine at 10.0.0.2 sends a packet to the Web server at 209.165.200.225, the virtual machine’s real address (10.0.0.2) is translated to 209.165.200.1. When the Web server responds, it sends the response to IP address 209.165.200.1, and the gateway translates 209.165.200.1 back to the real address 10.0.0.2 before sending it to the virtual machine.

You can configure NAT rules to create a private IP address space inside Virtual Private Cloud OnDemand and so port your enterprise's private IP address space into the cloud. Configuring NAT rules in Virtual Private Cloud OnDemand allows you to use the same private IP addresses for your virtual machines in Virtual Private Cloud OnDemand that are used in your local data center.

NAT rules in Virtual Private Cloud OnDemand include the following support:

Creating subnets within the private IP address space

Creating multiple private IP address spaces for a gateway

Configuring multiple NAT rules on multiple gateway interfaces

Important

By default, gateways are deployed with firewall rules configured to deny all network traffic to and from the virtual machines on the routed networks. Also, NAT is disabled by default so that gateways are unable to translate the IP addresses of the incoming and outgoing traffic. You must configure both firewall and NAT rules on a gateway for the virtual machines on a routed network to be accessible. Attempting to ping a virtual machine on a network after configuring a NAT rule will fail without adding a firewall rule to allow the corresponding traffic.
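The following is an added illustration, not code from Virtual Private Cloud OnDemand or its API: a small model of a gateway that applies the SNAT and DNAT rules from the Figure 1-3 example (10.0.0.2 to and from 209.165.200.1, Web server 209.165.200.225) and the default-deny firewall described above. It assumes, for the purpose of the model only, that firewall rules are matched on the virtual machine's real (private) address; the names Gateway, build_gateway and round_trip are hypothetical.

```python
from dataclasses import dataclass, field

# Constructed values taken from the Figure 1-3 example.
VM_PRIVATE = "10.0.0.2"          # real address of VM1 on the isolated network
GATEWAY_PUBLIC = "209.165.200.1"  # public address VM1 is translated to
WEB_SERVER = "209.165.200.225"    # external Web server


@dataclass
class Gateway:
    """Toy model of a routed-network gateway: NAT rules plus a default-deny firewall."""
    snat: dict[str, str] = field(default_factory=dict)  # original internal src -> translated external src
    dnat: dict[str, str] = field(default_factory=dict)  # original external IP -> translated internal IP
    allowed: set[tuple[str, str]] = field(default_factory=set)  # (src, dst) pairs; empty = deny all

    def outbound(self, src, dst):
        """VM -> Internet: firewall check on real addresses (model assumption), then SNAT."""
        if (src, dst) not in self.allowed:
            return None  # dropped by the default-deny firewall
        return (self.snat.get(src, src), dst)

    def inbound(self, src, dst):
        """Internet -> VM: DNAT the public destination, then firewall check on the real address."""
        if dst not in self.dnat:
            return None  # no rule: the gateway cannot deliver the packet to a VM
        real_dst = self.dnat[dst]
        if (src, real_dst) not in self.allowed:
            return None  # NAT rule exists but the firewall still denies the traffic
        return (src, real_dst)


def build_gateway(with_firewall_rules):
    """Gateway with the example's SNAT/DNAT pair, optionally with the matching firewall rules."""
    gw = Gateway()
    gw.snat[VM_PRIVATE] = GATEWAY_PUBLIC
    gw.dnat[GATEWAY_PUBLIC] = VM_PRIVATE
    if with_firewall_rules:
        gw.allowed.add((VM_PRIVATE, WEB_SERVER))
        gw.allowed.add((WEB_SERVER, VM_PRIVATE))
    return gw


def round_trip(gw):
    """Request from VM1 to the Web server and the reply back; None where a packet is dropped."""
    out = gw.outbound(VM_PRIVATE, WEB_SERVER)
    if out is None:
        return None, None
    reply = gw.inbound(WEB_SERVER, out[0])  # the server replies to the translated address
    return out, reply
```

With only the NAT rules configured, round_trip returns (None, None): the traffic never leaves the VM, which is the ping failure the note above describes.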

See GUID-B97D00F7-1E61-4FDD-B8FB-78FDEC59F506#GUID-B97D00F7-1E61-4FDD-B8FB-78FDEC59F506 in this guide for the steps to create an SNAT or DNAT rule.

See GUID-4A9EF77F-0E90-428C-8C4E-DA1E72AAE934#GUID-4A9EF77F-0E90-428C-8C4E-DA1E72AAE934 in this guide for the steps to create a firewall rule.