vCloud Air - Connecting a Virtual Machine to a Public Network

This guide looks at how to connect a virtual machine on vCloud Air to the Internet. Specifically, it shows you how to verify networking and configure the gateway so that virtual machines are accessible from the Internet.

Watch the video

1. Review Current Networking


To make sure the virtual machine is on the right network:

  1. If you’re not already logged in, go to https://vchs.vmware.com/login and log in to vCloud Air.
  2. From the Dashboard, click the desired virtual data center.
  • In this example, we use the SHAREPONT virtual data center.



3. Click the Virtual Machines tab to see the available virtual machines.

  • This example uses the vCCNode25 virtual machine.




4. To verify that the virtual machine has Internet access, select View & Edit details from its pull-down menu.

  • Note: Remember that two networks get created automatically when you create a virtual data center, one isolated and one routed. A virtual machine that is directly accessible from the Internet must be on the routed network.




5. Click the virtual machine’s Networks tab to review its information.

  • This virtual machine is on the default routed network, with an IP address of 109.126.109.126



2. Configure the Gateway


To make a virtual machine accessible from the Internet, you need to configure the gateway by setting both a destination NAT and a firewall rule that allows traffic through. This can be done in the vCloud Air UI or in the vCloud Director UI. In this example, we use the vCloud Director UI.

Set a Destination NAT

To allow Internet traffic to reach the virtual machine, a NAT rule must be created between the external Gateway IP address and the virtual machine IP address. This is known as a Destination NAT. To set a destination NAT in the vCloud Director UI:

  1. Still on the Networks tab, click Virtual Data Center Details to go back to the main virtual data center screen.
  2. Click the Gateways tab, and then click Manage in vCloud Director.



  3. Once in the vCloud Director UI, go to the Edge Gateways tab, click the network, and then select Edge Gateway Services.



  4. Click the NAT tab and select ADD DNAT to create a new destination NAT.
  • NATs are based on the point-of-view of vCloud Air, so a destination NAT translates the destination IP address of a packet received by the gateway.
  • In this example, if you go to the gateway’s IP address on the front, which is 69.194.137.230, you need to translate that to the IP address of the desired workload. Here, it’s the vCloud Connector Node, which has the 192.168.109.126 IP address.
  • Note: As shown, this virtual machine also has a source NAT, but it is not needed to connect to the Internet. Only the destination NAT is required.


Set Firewall Rules

To set a firewall rule to allow traffic through the gateway:

  1. Click the Firewall tab.
  2. Click Add to set firewall rules, as desired.
  • In this example, the firewall rule has already been created, and it is very simple just to show how it works. The firewall rule (highlighted) allows traffic through from any external source to this particular IP address.
  • This firewall rule, along with the destination NAT, allows you to connect to the workload.



3. Review Networking Changes

  1. Ping the workload to verify that the destination NAT and firewall rules are set up correctly.