Last week I was helping a customer with installing and configuring VMware vCloud Director 5.1. Things were going pretty smooth until I noticed that we could not get any traffic to get out of the organisation to the external network. The Organisation network was connected to a Edge Gateway but it did not let any traffic through. In vCloud 1.5 this just worked out of the box. It used to have IP Masquerade and NAT enabled per default. After some troubleshooting we figured this was not the case in vCloud 5.1 on Edge Gateways. To enable IP Masquerade and NAT you have to do the following.
- Sub allocate an IP pool to the Edge Gateway
- Create an SNAT rule on the Edge Gateway
This was pretty easy but it simply did not work! We tried a lot of things and we finally got it to work by editing the vShield Edge Gateway through the vShield Manager Web Interface. First you have to find your machine in the vShield Manager. When you have found it you need to edit the vnic0 and add an extra external IP address. See screenshot.
Then you need to go back to the vCloud GUI and create the SNAT rule. See second screenshot here:
you can not use the first IP address of the Edge Gateway for IP Masquerade. You need to add another one. By doing this simple configuration you now have NAT and IP Masquerade services running on your Edge Gateway. Check out the following KB document
Had this same issue but was resolved by specifying the correct interface (external network interface of the Edge GW)…but thanks for the pointer to check out the vShield Manager interface which echoes the settings made in the VCD console.