Gateways in vCloud Air supports NAT for the virtual machines connected to gateway networks. Create a NAT rule to translate a public IPv4 address to and from the private IPv4 address of a virtual machine on your internal network in vCloud Air.

vCloud Air supports source NAT (SNAT) and destination NAT (DNAT) rules. When you configure an SNAT or a DNAT rule, you always configure the rule from the perspective of vCloud Air. Specifically, that means you configure the rules in the following ways:

SNAT: the traffic is traveling from a virtual machine on an internal network in vCloud Air (the source) through the Internet to the external network (the destination).

DNAT: the traffic is traveling from the Internet (the source) to a virtual machine inside vCloud Air (the destination).

You can configure NAT rules to create a private IP address space inside vCloud Air to port your private IP address space from your enterprise into the cloud. Configuring NAT rules in vCloud Air allows you to use the same private IP addresses for your virtual machines in vCloud Air that were used on premises in your local data center.

NAT rules in vCloud Air include the following support:

Creating subnets within the private IP address space

Creating multiple private IP address spaces for a gateway

Configuring multiple NAT rules on multiple gateway interfaces


By default, gateways are deployed with firewall rules configured to deny all network traffic to and from the virtual machines on the gateway networks. Also, NAT is disabled by default so that gateways are unable to translate the IP addresses of the incoming and outgoing traffic. You must configure both firewall and NAT rules on a gateway for the virtual machines on a gateway network to be accessible. Attempting to ping a virtual machine on a network after configuring a NAT rule will fail without adding a firewall rule to allow the corresponding traffic.

See Add a NAT Rule in this guide for the steps to create a SNAT or DNAT rule

See Add a Firewall Rule in this guide for the steps to create a firewall rule.