Allowing outbound Internet connectivity to a virtual machine within VMware vCloud Air (2053464)

Symptoms

  • You are unable to reach the Internet from a virtual machine that resides within VMware vCloud Air.

Purpose

This article provides steps to configure a virtual machine within vCloud Air to allow outbound Internet communication. Specifically, the steps in this article allow a virtual machine to initiate one-way or two-way communication, but do not allow communication initiated by an Internet-facing machine to reach the virtual machine.

For the process of allowing an Internet-facing machine to initiate communication with a virtual machine within vCloud Air, see Allowing inbound Internet connectivity to a virtual machine within VMware vCloud Air (2053482).

Resolution


Prerequisites

To allow outbound Internet connectivity to a virtual machine within vCloud Air, you require:
  • A virtual machine that has been created with at least one network interface card (NIC) attached to a routed Organization network.
  • Permissions to modify network configuration.  Your user account must contain the Network Administrator role.

Configuring outbound Internet Connectivity

Caution: The steps in this section may directly affect the security of your network. VMware recommends that you discuss the associated security risks with your network administrator.
 
To configure outbound Internet connectivity for a virtual machine, you must:
  1. Configure Source Network Address Translation (SNAT)
  2. Configure firewall exception for outbound traffic

Configuring Source Network Address Translation (SNAT)
 
To configure SNAT:
  1. Log in to the VMware vCloud Air portal with the required permissions. See Prerequisites for more information. 
  2. From the main screen's dashboard tab, click your Organization Virtual Datacenter (OrgVDC).
  3. Click the Gateways tab from your OrgVDC.
  4. Make note of the Gateway IP, which will be used later. This is the Internet-facing IP address.
  5. Click on the details of the gateway to edit its properties.
  6. Under NAT Rules, click Add One and select Source NAT from the drop-down.
  7. Set the Original (Internal) Source to the IP address of the virtual machine requiring Internet connectivity. For example, 192.168.100.2/32 or 172.16.17.18.
  8. Enter the Internet-facing IP address recorded in step 4 into the Translated (External) Source text box.

    Note: You can also verify the IP address by clicking on the Show link below the text box.

  9. Ensure that Enable this rule is selected and click Save to add the rule.  You will receive a notification stating Gateway: Gateway updated successfully when the change has been completed. 

Configure firewall exception for outbound traffic
 
To configure a firewall for outbound traffic:
  1. From the main screen's dashboard tab, click your OrgVDC.
  2. Click the Gateways tab from your OrgVDC.
  3. Click on the details of the gateway to edit its properties.
  4. Under Firewall Exceptions, click Add One.
  5. Provide a Name for the rule.
  6. Ensure that Enable this rule is selected.
  7. Set the desired Protocol(s).
  8. Set the Source to the IP address or CIDR notation of the virtual machine requiring Internet connectivity. For example, 192.168.100.2 or 172.16.17.18/32.
  9. Leave the Source set to Any.
  10. Leave the Source Port set to Any.
  11. Set the Destination drop-down to Specific CIDR, IP, or IP Range and type the IP or range of IPs to which the virtual machine should send traffic.

    Note: You can also set the Destination dropdown to External to allow all external destinations.

  12. If the Protocol drop-down was set to TCP, UDP, or TCP & UDP, set the desired Destination Port to be allowed outbound.
  13. Ensure that Action is set to Allow and click OK to add the rule.
  14. Click Save to add the exception.  You will receive a notification stating Gateway: Gateway updated successfully when the change has been completed. 
  15. Repeat steps 3 through 14 for any additional Destination Ports needed.

When the reconfiguration task has completed, your virtual machine will be allowed outbound Internet connectivity on the configured IP address and port(s).
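
To review the resulting rules against the Caution above, the following added example (not VMware code, and not a vCloud Air API) audits one SNAT rule and its firewall exceptions for egress that is wider than the single virtual machine and the required destinations. The dictionary layout, the rule names, the sample addresses and the value "Any" for Destination Port are assumptions; the keys mirror the portal's field labels.

```python
import ipaddress

# Constructed sample data. Keys mirror the portal's field labels; the layout is an assumption.
SNAT = {"original_source": "192.168.100.2/32",
        "translated_source": "203.0.113.10",  # placeholder for the Gateway IP
        "enabled": True}
FIREWALL = [
    {"name": "web-updates", "enabled": True, "protocol": "TCP",
     "source": "192.168.100.2", "source_port": "Any",
     "destination": "198.51.100.0/24", "destination_port": "443", "action": "Allow"},
    {"name": "allow-all-out", "enabled": True, "protocol": "TCP & UDP",
     "source": "192.168.100.0/24", "source_port": "Any",
     "destination": "External", "destination_port": "Any", "action": "Allow"},
]

def net(value):
    """Parse an IP or CIDR as typed in the portal; a bare IP becomes a /32."""
    return ipaddress.ip_network(value, strict=False)

def audit_outbound(snat, rules):
    """Return (rule name, finding) pairs for an outbound SNAT + firewall setup."""
    findings = []
    if not snat["enabled"]:
        findings.append(("SNAT", "rule disabled, traffic will not be translated"))
    snat_src = net(snat["original_source"])
    for r in rules:
        if not r["enabled"] or r["action"] != "Allow":
            continue  # disabled or non-Allow rules open nothing
        if r["source"] == "Any":
            findings.append((r["name"], "source is Any"))
        else:
            src = net(r["source"])
            if src.num_addresses > 1:
                findings.append((r["name"], "source covers more than one host"))
            if not src.subnet_of(snat_src):
                findings.append((r["name"], "source not covered by SNAT rule"))
        if r["destination"] == "External":
            findings.append((r["name"], "all external destinations allowed"))
        if r["protocol"] in ("TCP", "UDP", "TCP & UDP") and r["destination_port"] == "Any":
            findings.append((r["name"], "all destination ports allowed"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_outbound(SNAT, FIREWALL):
        print(f"{name}: {finding}")
```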
