In Virtual Private Cloud OnDemand, you can create a NAT rule to direct traffic between an external network and your virtual machines on an inside network. When you configure a SNAT or DNAT rule, you always configure the rule from the perspective of Virtual Private Cloud OnDemand.

You configure NAT rules in the following ways:

SNAT: the traffic is traveling from a virtual machine on an internal network in Virtual Private Cloud OnDemand (the source) through the Internet to the external network (the destination).

DNAT: the traffic is traveling from the Internet (the source) to a virtual machine inside Virtual Private Cloud OnDemand (the destination).

See Network Address Translation (NAT) in this guide for more information.

This procedure provides the steps to create a NAT rule by using Virtual Private Cloud OnDemand. For information about creating or editing NAT rules by using vCloud Director, see the following topics in vCloud Director Administrator’s Guide:

Add a Source NAT rule to an Edge Gateway

Add a Destination NAT rule to an Edge Gateway

Before creating a NAT rule, complete the following items:

Verify that you have network administrator privileges.

Obtain the IP addresses of the virtual machines for which you are creating the NAT rules.

1. If necessary, click the expand icon to display the Virtual Data Centers pane.

2. Select the virtual data center to which the gateway belongs.

3. Click the Gateways tab.

4. Click the gateway tile.

5. Click the NAT Rules tab.

6. Click the Add button.

The Add NAT Rule dialog appears.

7. Depending on which type of NAT rule you want to create, click one of the following options:

Option | Description
SNAT | A source NAT rule changes the source IP address and, optionally, port of outgoing packets. When you create an SNAT rule in Virtual Private Cloud OnDemand, by default the port and protocol are set to “any.” To change the default port and protocol settings for an SNAT rule, edit the settings in vCloud Director.
DNAT | A destination NAT rule changes the destination IP address and, optionally, port of inbound packets.

Depending on which option you chose, the dialog refreshes with the required fields.

8. Depending on which type of NAT rule you are creating, complete the following settings:

Source NAT (SNAT) (inside -> outside)

Option | Description
Original (Internal) Source | Enter the original IP address or range of IP addresses to apply to this rule. The original addresses are the IP addresses of the virtual machine (or machines) for which you are configuring SNAT so that they can send traffic to the external network.
Translated (External) Source | Specifies the IP address to which source addresses (the virtual machines) on outbound packets are translated when they send traffic to the external network. The translated address is always the public IP address of the gateway for which you are configuring the SNAT rule. Select the required IP address from the drop-down menu.

Destination NAT (DNAT) (outside -> inside)

Option | Description
Original (External) IP | Specifies the destination IP address to which the rule applies; the address is always the public IP address of the gateway for which you are configuring the DNAT rule. Select the required IP address from the drop-down menu.
Protocol | Select the protocol to which the rule applies: any, TCP, UDP, TCP/UDP, or ICMP. By default, the protocol is set to “any.”
Original Port/Range | (Optional) Enter the port or port range that the incoming traffic uses on the gateway to connect to the internal network on which the virtual machines are connected.
ICMP type | If you selected ICMP (an error reporting and diagnostic utility used between devices to communicate error information) in the Protocol field, select the ICMP type from the drop-down menu. ICMP messages are identified by the “type” field. By default, the ICMP type is set to “any.”
Translated (Internal) IP/Range | Enter the IP address or a range of IP addresses to which destination addresses on inbound packets will be translated. The translated addresses are the IP addresses of the virtual machine (or machines) for which you are configuring DNAT so that they can receive traffic from the external network.
Translated Port/Range | (Optional) Enter the port or port range that traffic connects to on the virtual machines on the isolated network.

9. Select Enable this rule and click Save.

The NAT Rules dialog appears.

10. Click Add to add additional rules or click Finish to commit the rules to the gateway.
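Because the DNAT protocol defaults to “any” and the port fields are optional, it is worth reviewing the rules before committing them. The following Python script is an added example, not part of the original guide or of any VMware tooling: it flags DNAT rules left at those defaults or forwarding to several internal addresses. The rule dictionaries, their key names, the "first-last" range syntax, and the 16-port threshold are assumptions, and the sample addresses are constructed.

```python
import ipaddress

# Constructed sample rules. The dict layout and key names are hypothetical;
# they mirror the DNAT fields in the Add NAT Rule dialog.
SAMPLE_RULES = [
    {"original_ip": "203.0.113.10", "protocol": "tcp", "original_port": "443",
     "translated_ip": "192.168.109.5", "translated_port": "8443"},
    {"original_ip": "203.0.113.10", "protocol": "any", "original_port": "",
     "translated_ip": "192.168.109.6", "translated_port": ""},
    {"original_ip": "203.0.113.11", "protocol": "tcp", "original_port": "1-65535",
     "translated_ip": "192.168.109.7-192.168.109.20", "translated_port": "1-65535"},
]

def port_count(spec):
    """Ports covered by '443' or '8000-8100'; an empty field means every port."""
    if not spec or spec.lower() == "any":
        return 65535
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range: {spec!r}")
    return hi - lo + 1

def host_count(spec):
    """Addresses covered by one IP or an assumed 'first-last' range."""
    first, _, last = spec.partition("-")
    a, b = (ipaddress.ip_address(x.strip()) for x in (first, last or first))
    if b < a:
        raise ValueError(f"bad address range: {spec!r}")
    return int(b) - int(a) + 1

def audit_dnat(rule, max_ports=16):
    """Return review findings for one DNAT rule (empty list means none)."""
    findings = []
    proto = rule["protocol"].lower()
    if proto == "any":
        findings.append("protocol left at the default 'any'")
    if proto != "icmp" and port_count(rule["original_port"]) > max_ports:
        findings.append(f"original port range covers more than {max_ports} ports")
    hosts = host_count(rule["translated_ip"])
    if hosts > 1:
        findings.append(f"rule forwards to {hosts} internal addresses")
    return findings

def audit_all(rules):
    """Map rule index -> findings, listing only rules that need review."""
    return {i: f for i, r in enumerate(rules) if (f := audit_dnat(r))}

if __name__ == "__main__":
    for idx, found in audit_all(SAMPLE_RULES).items():
        print(idx, SAMPLE_RULES[idx]["original_ip"], found)
```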