In previous posts, I configured DNAT and SNAT individually and discussed their use cases. In this post, I am going to show how both DNAT and SNAT can be used in one use case: publishing the Web Server VM so that it can be accessed from an external network. To achieve this, we have to configure both types of NAT rules (SNAT/DNAT).
In this lab, we will perform the following tasks:
- DNAT/SNAT Use Case Scenario
- Architecture diagram for SNAT/DNAT Use Case Scenario
- Test Access before Configuration
- Configure WebServer (http) Access
- Add SNAT Rule on “SkyNet Org Network”
- Create DNAT Rule on “SkyNet Org Network”
- Firewall Configuration on “SkyNet Org Network”
- Firewall Configuration on “vApp Network”
- Test the Web Server Access
1-DNAT/SNAT Use Case Scenario
In this scenario, I am using “10.0.150.248” as the “external IP address” for the “web Server”, which is mapped to the Organization Internal Network where the web server is hosted. In this use case, I am trying to access the web server from my mgmt. server, which is connected to the external network.
2-Architecture diagram for DNAT/SNAT Use Case Scenario
3-Test Access Before Configuration
To test the web server connectivity before configuration, you may use the following methods.
Test-1: Open the command prompt and telnet to “10.0.150.248” on “port 80”. I did not get any response, which was correct, as shown below.
Test-2: I have already created a static test page on the Apache web server to test the web server connectivity. Open the browser and point it to your web server URL through its external IP. As you can see below, there is a connection timeout error, which means no response from the web server.
4-Configure WebServer (http) Access
To configure the Web Server access, first go to your Organization VSE Firewall -> Right Click on VSE Firewall “SkyNet-Prod-Edge2” -> Choose “Properties”
Step 1: Add SNAT Rule on “SkyNet Org Network”
In the NAT tab -> Choose “Add SNAT”
Choose an “external network” and define your “internal and external sources”. In my case I chose my organization network IP range (10.0.33.0/24), where my web server resides, as the source. It will then be translated into “10.0.150.248” (VSE Sub Allocation Pool IP) as a destination -> Click “OK”
Verify your SNAT Rule -> Click “OK”
Step 2: Create DNAT Rule on “SkyNet Org Network”
Next, create a DNAT rule. It will translate our web server external IP into the web server VM internal IP on port 80 -> Click “OK”
Verify your DNAT Rule -> Click “OK”
5-Firewall Configuration on “SkyNet Org Network”
Now allow HTTP traffic through our Organization Firewall “SkyNet-Prod-Edge2”. By default it will block everything. To add a firewall rule, click the “Add” button on the “firewall” tab.
In the rule, choose “10.0.150.150” (Mgmt Server/Client) as the source and “10.0.150.248” (Web Server External IP) with port “TCP 80” as the destination. Also make sure the action is “allow” and the “enable” box is checked -> Click “OK”
Verify your added Firewall rule -> Click “OK”
Wait for the Organization Network firewall to configure.
Now everything is configured and fine, as you can see from the “Green Check box” in the VSE status.
6-Firewall Configuration on “vApp Network”
Once the organization firewall is configured, go to the vApp where the web server VM is hosted. In my case it is on “vApp5”. Click on the “vApp5 Networking” tab.
Right Click on your vApp Network “vApp5-Network-Routed” -> Click “Configure Services”
In the firewall tab -> Click on the “Add” button to add a rule.
In the vApp5 firewall rule, use “10.0.150.150” (Mgmt Server/PC) as the source, and as the destination choose “vApp5-Web1 NAT IP” with “TCP port 80” -> Click “OK”
Verify your added firewall rule -> Click “OK”
7-Test the Web Server Access
Open the command prompt on the “mgmt. server” as we did at the start and “telnet” to the web server “external IP port 80” as shown below.
If everything is configured correctly, you will be able to telnet to the “webserver port 80” as shown below.
Next, open the “web Server” in the “mgmt. server” browser and it should work, as you can see below. We got our test page.
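The Org edge rules configured in sections 4 and 5 can also be checked as a small Python model, added here as an example that is not part of the original post or of vCloud Director: it applies the default-deny firewall rule (matched on the external IP, as the rule above is written), then the DNAT rule, and the SNAT rule for outbound traffic. The internal web server address `10.0.33.10` and the second client `10.0.150.77` are constructed placeholders, and the vApp-level firewall is left out of the model.

```python
import ipaddress

# Values from the walkthrough; WEB_INTERNAL is a constructed placeholder,
# because the post never states the web server's internal address.
EXTERNAL_IP = "10.0.150.248"
MGMT_IP = "10.0.150.150"
ORG_NET = ipaddress.ip_network("10.0.33.0/24")
WEB_INTERNAL = "10.0.33.10"  # assumption

# Edge firewall: first match wins, anything unmatched is dropped (default deny).
FIREWALL = [
    {"src": MGMT_IP, "dst": EXTERNAL_IP, "proto": "tcp", "port": 80, "action": "allow"},
]
DNAT = [{"orig_dst": EXTERNAL_IP, "port": 80, "new_dst": WEB_INTERNAL}]
SNAT = [{"orig_src": ORG_NET, "new_src": EXTERNAL_IP}]


def inbound(src, dst, proto, port):
    """Return the translated destination for an inbound flow, or None if dropped."""
    for rule in FIREWALL:
        if (rule["src"], rule["dst"], rule["proto"], rule["port"]) == (src, dst, proto, port):
            if rule["action"] != "allow":
                return None
            break
    else:
        return None  # no rule matched: default deny
    for nat in DNAT:
        if nat["orig_dst"] == dst and nat["port"] == port:
            return nat["new_dst"]
    return None  # allowed by the firewall, but no DNAT rule to forward it


def outbound_source(src):
    """Return the source address a flow leaving the org network is seen with."""
    addr = ipaddress.ip_address(src)
    for nat in SNAT:
        if addr in nat["orig_src"]:
            return nat["new_src"]
    return src  # no SNAT rule matched; the address is not translated


if __name__ == "__main__":
    print("mgmt  -> ext:80 ", inbound(MGMT_IP, EXTERNAL_IP, "tcp", 80))
    print("other -> ext:80 ", inbound("10.0.150.77", EXTERNAL_IP, "tcp", 80))
    print("mgmt  -> ext:22 ", inbound(MGMT_IP, EXTERNAL_IP, "tcp", 22))
    print("web reply source", outbound_source(WEB_INTERNAL))
```

Only the mgmt server on TCP 80 gets a translated destination; every other source or port returns `None`, which is the scoping to confirm after publishing a server this way.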