Browse to your organization
Administration > Edge Gateways and click the green “+”
Here I just leave the defaults and click Next
Select your external network and click Next
Give your Edge Gateway a Name and click Next
At the overview – click Finish
The vShield Manager will now deploy a vShield Edge – this may take a few minutes
The Edge should now show up under your System vDC Resource Pool
The Edge should now take an IP from the External Network Pool you have created.
Change over to Org VDC Network and click the green “+”
As mentioned, you can connect an organization directly to an external network, from which the external IPs will then be assigned. Here, however, I will create a routed network using the Edge I just created.
Select Create a routed network by connecting to an existing edge gateway, select the Edge just created and click Next
Now enter the PRIVATE network details.
This is the network behind the Edge Gateway – these are the details your VMs will be using
Click Next
Give it a name and click Next
At the overview, click Finish
Let it do its thing
Once done, your network is ready to be used by the organization. Or is it?
Well, this is a virtual router and uses NAT. By default the firewall blocks everything and no NAT is configured.
Let’s do a basic setup here. I will simply allow everything Outgoing.
We know the external interface of the Edge Gateway has the IP 192.168.1.80.
Go back to the Edge Gateways tab, right click the Edge and select Properties
Change to the tab Sub-Allocate IP Pools and click External Network. On the right you can see the available IPs (192.168.1.80-99)
We know 192.168.1.80 is taken by the Edge itself, so I enter 192.168.1.81 and click Add, then click OK
Give it a few seconds to sort itself out
Now right-click your Edge and click Edge Gateway Services
Go to the NAT tab. Here you can create two kinds of NAT rules.
- SNAT – This is your outgoing NAT rule (e.g. you want to browse the internet).
- DNAT – This is your incoming NAT rule (e.g. you want to SSH / RDP to a specific server)
Whilst you don’t need a DNAT rule, you will need at least a single SNAT rule to get to the internet from inside the VM.
Here I don’t need 1-1 NAT mappings. I just create one NAT rule that lets the whole internal subnet out, which will present itself as 192.168.1.81
Move to the tab Firewall
I am just creating an outgoing firewall rule so I can test my VM, then click OK
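To see why both the SNAT rule and the firewall rule are needed, and what the finished setup exposes inbound, here is a simplified model of the Edge's behaviour. It is an added example, not part of the original walkthrough and not the vCloud Director API. The 10.0.0.0/24 subnet, the 203.0.113.5 client and the rule field names are assumptions made for illustration.

```python
"""Simplified model of the Edge Gateway setup above (not the vCloud Director API)."""
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/24")   # assumed private subnet; the page gives none
SNAT_IP = ip_address("192.168.1.81")   # sub-allocated address from the page

def default_config():
    # State right after deployment: firewall blocks everything, no NAT rules.
    return {"snat": [], "dnat": [], "firewall": []}

def page_config():
    # State after the steps on the page: one SNAT rule, one outgoing allow rule.
    cfg = default_config()
    cfg["snat"].append({"original": INTERNAL, "translated": SNAT_IP})
    cfg["firewall"].append({"direction": "out", "source": INTERNAL, "action": "allow"})
    return cfg

def fw_allows(cfg, direction, src):
    # First matching rule wins; no match falls through to the default deny.
    for rule in cfg["firewall"]:
        if rule["direction"] == direction and src in rule["source"]:
            return rule["action"] == "allow"
    return False

def outbound(cfg, vm_ip):
    """Return the source address the outside sees, or None if the packet is dropped."""
    vm = ip_address(vm_ip)
    if not fw_allows(cfg, "out", vm):
        return None
    for rule in cfg["snat"]:
        if vm in rule["original"]:
            return rule["translated"]
    return None  # allowed by the firewall, but the private address is never translated

def inbound(cfg, external_ip, port, client_ip):
    """Return the internal (ip, port) reached, or None if the packet is dropped."""
    for rule in cfg["dnat"]:
        if rule["external"] == ip_address(external_ip) and rule["port"] == port:
            if fw_allows(cfg, "in", ip_address(client_ip)):
                return (rule["internal"], rule["internal_port"])
    return None

if __name__ == "__main__":
    print("fresh Edge, VM going out:   ", outbound(default_config(), "10.0.0.10"))
    print("after the steps, VM going out:", outbound(page_config(), "10.0.0.10"))
    print("SSH from outside to .81:     ", inbound(page_config(), "192.168.1.81", 22, "203.0.113.5"))
```

With no DNAT rule and no inbound allow rule, the "allow everything outgoing" setup leaves nothing reachable from the external network.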
Btw., a good article about vCloud Networking can be found HERE.
Installation of vCD 5.5 content
1. Installation
2. vShield Manager
3. VXLAN Config
4. Initial vCD Config
5. Create a Provider vDC
6. External Network
7. Create an Organization vDC
8. vShield Edge / Org Network
9. Final Testing
10. Install a second vCloud Cell