SNAT does PAT in 1:1 NAT Relations

Article ID: 373284

Updated On:

Products

VMware NSX

Issue/Introduction

The NSX Admin Guide says:

"Enter a value for Translated IP: Specify an IPv4 address, or an IP address range in CIDR format.

If translated IP is less than the match IP for SNAT it will work as PAT."

However, PAT will happen for a 1:1 translation as well.

You have Simple SNAT configured as below

You will see the port getting translated:

Environment

VMware NSX

Cause

An SNAT rule with a single translated IP will work as PAT.

Resolution

Workaround:

To preserve the source port on a NAT rule, you can configure Reflexive NAT. This ensures that source port integrity is maintained after NAT is done.

Refer to the documents below on reflexive NAT:

https://docs.vmware.com/en/VMware-NSX/4.1/administration/GUID-46900DFB-58EE-4E84-9873-357D91EFC854.html

https://docs.vmware.com/en/VMware-NSX/4.1/administration/GUID-DDB35A76-BD12-4F09-8D88-2490E4DAA8F6.html
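To confirm whether a given SNAT rule rewrites the source port, or that the reflexive NAT workaround preserves it, you can compare packet captures taken on each side of the gateway. The script below is an added example, not part of the original article or VMware's own tooling. It assumes both captures come from `tcpdump -nn -S` and that the NAT device leaves TCP sequence numbers untouched; the function names and all addresses are constructed for illustration.

```python
import re

# Matches pure-SYN lines from `tcpdump -nn -S` (numeric output, absolute seq numbers).
SYN = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[S\], seq (?P<seq>\d+)"
)

def parse_syns(capture_text):
    """Return {(dst, dport, seq): (src, sport)} for every SYN in the capture."""
    flows = {}
    for line in capture_text.splitlines():
        m = SYN.search(line)
        if m:
            key = (m["dst"], int(m["dport"]), int(m["seq"]))
            flows[key] = (m["src"], int(m["sport"]))
    return flows

def compare_captures(inside_text, outside_text):
    """Pair each pre-NAT SYN with its post-NAT copy and report port rewrites."""
    inside, outside = parse_syns(inside_text), parse_syns(outside_text)
    results = []
    for key, (src, sport) in inside.items():
        if key not in outside:  # dropped, or seq was altered in transit
            results.append({"src": src, "sport": sport, "status": "unmatched"})
            continue
        nat_ip, nat_port = outside[key]
        status = "port-preserved" if nat_port == sport else "port-translated"
        results.append({"src": src, "sport": sport, "nat_ip": nat_ip,
                        "nat_port": nat_port, "status": status})
    return results

# Constructed sample captures (documentation address ranges), one flow per outcome:
# 10.0.0.5 is the workload, 198.51.100.20 the translated IP, 203.0.113.10 the server.
INSIDE = """\
12:00:01.000100 IP 10.0.0.5.51515 > 203.0.113.10.443: Flags [S], seq 1111111111, win 64240, length 0
12:00:02.000100 IP 10.0.0.5.51516 > 203.0.113.10.443: Flags [S], seq 2222222222, win 64240, length 0
12:00:03.000100 IP 10.0.0.5.51517 > 203.0.113.10.80: Flags [S], seq 3333333333, win 64240, length 0
"""
OUTSIDE = """\
12:00:01.000200 IP 198.51.100.20.1025 > 203.0.113.10.443: Flags [S], seq 1111111111, win 64240, length 0
12:00:02.000200 IP 198.51.100.20.51516 > 203.0.113.10.443: Flags [S], seq 2222222222, win 64240, length 0
"""

if __name__ == "__main__":
    for row in compare_captures(INSIDE, OUTSIDE):
        print(row)
```

A `port-translated` result means firewall rules or log correlation that key on the original source port will not match the post-NAT traffic.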