Cloud Lab-60: vCloud Director Organizations- “SNAT/DNAT Use Case – HTTP Access From External to vApp VM’s”

In previous posts, i have configured both DNAT and SNAT individually and discuss their use cases.In this post, i am going to show you, how we can use both DNAT/SNAT in one Usecase. which is to publish the Web Server VM to access from external Network. To achieve this we have to configure both types of NAT Rules (SNAT/DNAT).


In this Lab, we will perform following tasks

  1. DNAT/SNAT Use Case Scenario
  2. Architecture diagram for SNAT/DNAT Use Case Scenario
  3. Test Access before Configuration 
  4. Configure WebServer (http) Access
    • Add SNAT Rule on “SkyNet Org Network”
    • Create DNAT Rule on “SkyNet Org Network”
  5. Firewall Configuration on “SkyNet Org Network”
  6. Firewall Configuration on “vApp Network”
  7. Test the Web Server Access

1-DNAT/SNAT Use Case Scenario

In scenario, I am using “” IP as an “external IP address” for “web Server” which mapped to Organization Internal Network where web Server is hosted. In this use case, I am trying to access the web server from my mgmt. server. which is connected to external Network.

2- Architecture diagram for DNAT/SNAT Case Scenario


3-Test Access Before Configuration

To test the webserver connectivity before may use following methods

Test-1: Open the command prompt and telnet the “” on “port 80” and I did not get any response which was correct as shown below.


Test-2: I have already created a static test page on apache web server to test the web server connectivity. Open the browser and point to your web server URL through his external IP and as you can see below there is connection time out error means no response from web server.


4-Configure WebServer (http) Access

To configure the Web Server Access. first go to your Organization VSE Firewall -> Right Click on VSE Firewall ”SkyNet-Prod-Edge2” -> Choose “Properties”


Step 1: Add SNAT Rule on “SkyNet Org Network”

In NAT Tab -> Choose “Add SNAT”


Choose an “external network” and define your “internal and external sources”. In my case I choose my organization network IP range ( where my web server resides as source. Than it will be translated into “” (VSE Sub Allocation Pool IP) as a destination- > Click “OK”


Verify your SNAT Rule -> Click “OK”


Step 2: Create DNAT Rule on “SkyNet Org Network”

Next create a DNAT Rule. It will translate our web Server external IP into Web server VM internal IP on port 80 -> Click “OK”


Verify your DNAT Rule -> Click “OK”


5-Firewall Configuration on “SkyNet Org Network”

Now allow http traffic from our Organization Firewall “SkyNet-Prod-Edg2”. By default it will block everything. To add a firewall rule Click on “Add” button from “firewall” tab.


In rule, choose “” (Mgmt Server/Client) as Source and “” (Web Server External IP) with port “TCP 80” as destination. Also make sure action will be “allow” and “enable” check is checked -> Click “OK”


Verify your added Firewall rule -> Click “OK”


Wait for Organization Network firewall to Configure.


Now everything is configured and fine as you can see “Green Check box” in VSE status.


6-Firewall Configuration on “vApp Network”

Once organization firewall configured.go to your vApp where web server VM is hosted. In my case it is on “vApp5”. Click on “vApp5 Networking” Tab


Right Click on your vApp Network “vApp5-Network-Routed” -> Click “Configure Services”


In firewall tab-> Click on “Add” button to add a rule.


In vApp5 firewall rule. Use “” (Mgmt Servre/PC) as source and in destination choose “vApp5-Web1 NAT IP” with “TCP port 80”-> Click “OK”


Verify you added firewall rule -> Click “OK”


7-Test the Web Server Access

open the command prompt from “mgmt. server” as we did at start and “telnet” into web server “external IP port 80” as shown below


If everything is configured correctly then you are able to telnet on the “webserver port 80” as shown below.


Next open the “web Server” in “mgmt. server” browser and it should work as you can see below.we got our test page.



Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s