Skip to content. | Skip to navigation

IT Virtualization Blog

Personal tools

This is SunRain Plone Theme
You are here: Home / Users / lmarzke / howto / NSX / Lab 1 - NSX Logical Switching with NAT

Intro to NSX - Logical Switching and Edge gateway with NAT

by lmarzke last modified Sep 26, 2017 11:18 AM
Simple NSX setup using Logical Switch Edge gateway and both SNAT and DNAT.


This is the first of a many part series in learning NSX.    While there are plenty of tutorials and Lab's to assist in learning NSX I found many of them to be too complicated for first time learners.   A second problem was that many on-line howto documents failed to document 3 or 4 critical IP's associated with the DLR  or ESG routers,  leading to hours of research to figure it out.

So I won't go into detail about all the steps required , as that can be found many places on-iine,  but I will provide a complete diagram of working configurations with all IP's listed and screen shots of the working configuration screens.   Had I had  this info it would have saved me many hours.   The public IP's have been modified for security.

The entire series is linked here.

 Lab Diagram

LS ESG test

Logical Switch

This first tutorial is on setting up a simple logical switch (LS) ,  adding a few VM's,  and then setting up SNAT for outbound Internet access, and DNAT for inbound Internet access. 

The abbreviated steps would be:

  1. Create LS called "web-tier" and 2nd LS called "App-tier".  Attach two linux VM's to the App Tier switch, with IP's of and
  2. Once both VM's have been joined to the LS 'App-tier' they should be able to ping each other,  even when located on different ESX hosts.   Verify this is working before proceeding.
  3.  Logical Switches
  4. Create Edge with "Uplink" called "WAN-uplink" and IP as shown
    Go back to the App LS, and "attached it to the Edge, with parameters shown below
    This uplink should be connected to a dv-portgroup connected to your ISP such as "dvFIOS" that has pubic IP's is the primary IP and used for SNAT , and is an additional IP used for inbound DNAT in a /24 network.
  5. Add Edge "internal" interface called "web" and IP  as shown.

  6.  Edge Interfaces
  7. Add Firewalls rules as shown.    The first two rules are automatically generated rules,  you add the next 3 rules of type "User".   The first two rules permit the web-tier LS to ping outbound, and perform DNS queries outbound.   The 3rd rule permits inbound SSH to the Public IP (NAT_web1= of the web server.
  8.  Firewall rules
  9. Add NAT rules as shown.  NAT_web1 is the public IP ( ) of Web1 entered as a single IP in an IP_group.
  10.  NAT edge


Document Actions