NSX SNAT does Port Address Translation in a 1:1 NAT relationship

Article ID: 373284

Products

VMware NSX
VMware NSX-T Data Center

Issue/Introduction

  • The NSX Admin Guide says:
    "Enter a value for Translated IP: Specify an IPv4 address, or an IP address range in CIDR format.
    If translated IP is less than the match IP for SNAT it will work as PAT."

  • However, PAT will happen for a 1:1 translation as well.
  • You have SNAT configured as below:

  • You will see the port getting translated:

Environment

VMware NSX
VMware NSX-T Data Center

Cause

SNAT with a single IP works as PAT.

Resolution

Workaround:

To preserve the source port on a NAT rule, configure Reflexive NAT. This ensures that source port integrity is maintained after NAT is done.

Refer to the following document on Reflexive NAT:
Configure NAT/DNAT/No SNAT/No DNAT/Reflexive NAT
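
To confirm how a given rule treats source ports, before and after switching to Reflexive NAT, you can compare `tcpdump -nn` captures taken on both sides of the gateway. The script below is an added example, not part of the original article or of NSX: it pairs each TCP SYN with its post-NAT copy and reports whether the source port changed. The addresses, ports and capture lines are constructed, and the pairing assumes the gateway does not rewrite TCP sequence numbers.

```python
import re

# tcpdump -nn line for a TCP SYN: "<ts> IP <src>.<sport> > <dst>.<dport>: Flags [S], seq <n>, ..."
SYN_RE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[S\], seq (?P<seq>\d+)"
)

# Constructed sample captures (not from the article): the same three SYNs seen
# on the segment side and on the uplink side of the gateway.
# Assumption: the gateway leaves TCP sequence numbers unchanged.
INSIDE = """\
10:00:00.000101 IP 10.1.1.10.50000 > 192.0.2.50.443: Flags [S], seq 1111111111, win 64240, length 0
10:00:01.000202 IP 10.1.1.10.50001 > 192.0.2.50.443: Flags [S], seq 2222222222, win 64240, length 0
10:00:02.000303 IP 10.1.1.10.50002 > 192.0.2.51.22: Flags [S], seq 3333333333, win 64240, length 0
"""
OUTSIDE = """\
10:00:00.000150 IP 198.51.100.10.1025 > 192.0.2.50.443: Flags [S], seq 1111111111, win 64240, length 0
10:00:01.000251 IP 198.51.100.10.1026 > 192.0.2.50.443: Flags [S], seq 2222222222, win 64240, length 0
10:00:02.000352 IP 198.51.100.10.50002 > 192.0.2.51.22: Flags [S], seq 3333333333, win 64240, length 0
"""

def parse_syns(capture):
    """Map (dst, dport, seq) -> (src, sport) for every SYN line in a capture."""
    flows = {}
    for line in capture.splitlines():
        m = SYN_RE.search(line)
        if m:
            key = (m["dst"], int(m["dport"]), int(m["seq"]))
            flows[key] = (m["src"], int(m["sport"]))
    return flows

def compare_ports(inside, outside):
    """Pair each inside SYN with its post-NAT copy and report port handling."""
    pre, post = parse_syns(inside), parse_syns(outside)
    report = []
    for key, (src, sport) in pre.items():
        if key not in post:
            report.append((src, sport, None, None, "unmatched"))
            continue
        nat_src, nat_sport = post[key]
        verdict = "preserved" if nat_sport == sport else "translated"
        report.append((src, sport, nat_src, nat_sport, verdict))
    return report

if __name__ == "__main__":
    for row in compare_ports(INSIDE, OUTSIDE):
        print("%s:%s -> %s:%s  source port %s" % row)
```

A single "preserved" row does not show that a rule preserves ports in general; check every flow in the capture.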