Hi,
we recently updated from vCloud 1.0.1 to 1.5 and with that all vShield components to v5.
vShield Edge deployment runs fine if I create a new routed Org network and the new VSE takes an IP from the pool of the external network.
In version 1.0.1, from the vCloud Director I was able to NAT an inside IP to the external IP of the VSE, thus requiring only a single "official" IP to make vApps accessible in a cloud environment.
In version 1.5 with vShield 5 the wizard will not let me NAT to the external IP of the VSE. I have to configure a second IP from the same subnet to be able to NAT to internal VMs. This requires at least two official IPs. In a provider environment official IPs are rare and I don't want to spend twice as many IPs as with version 1.0.1.
Is this a new "feature" of vShield Edge 5 or did I misconfigure something?
To be more specific, here is my setup (IPs changed for security reasons):
External network: 10.1.1.0/24 (vCloud Director uses 10.1.1.200-205 as static pool)
Org-Network: 192.168.0.0/24
VSE external IP: 10.1.1.200
VSE internal IP: 192.168.0.1
VM in internal network: webserver01 with IP 192.168.0.10
Trying to NAT 10.1.1.200 to 192.168.0.10 -> not possible
Adding a second IP to the VSE: 10.1.1.201 -> OK
NATing 10.1.1.201 to 192.168.0.10 -> OK
In this environment, I have to spend 2 official IPs for a single webserver. Formerly, only the 10.1.1.200 was enough to publish as many VMs from the internal network 192.168.0.0/24.
Thanks for your help.
Oliver