
Section 3.3 - Configure and Manage DHCP/DNS/NAT

Configuring and Managing TCP services


The Edge Services Gateways (ESGs) can provide DHCP and DNS services. These are basic services and there are better options elsewhere, but here is how they work.


Add/Modify/Delete DHCP IP Pool


The ESG DHCP service is very limited in its scope options, and other DHCP servers would be more effective. But here is how you would use the NSX version.

Creating a pool is simple:


1. Select your ESG -> select the DHCP tab and click the green “+” to create a new pool.

2. Provide the pool IP info and click OK.

3. Click the Enable button to start the service, then publish your changes.


Your ESG is now a DHCP server. The scope options are extremely limited.


To disable DHCP, click the Disable button and publish your changes.



Enable DNS services


Enabling DNS services is done from the Settings -> Configuration menu. NSX can forward DNS requests and automatically configure DNS settings through the DHCP pool. It does not manage DNS zones; it only forwards.


Click the Change link in the Config box.


Check the Enable DNS box and provide the DNS server you wish to forward to.




Configure and Manage NAT (SNAT) rules


Create SNAT (Source NAT)

You are probably not going to use DHCP or DNS from your ESG, but I am confident that you will use NAT (SNAT). You will use NATs to assign specific external IPs to your applications or load balancers. The SNAT is used to force all your OUTBOUND traffic through a specific IP address.


To configure an SNAT, you need to manage the ESG that will host the NAT, then click on the NAT tab.


1. Click on the green “+” to create a new SNAT rule.

2. The interface to apply the SNAT to is the outside interface (the one in the network that will have the NAT IP). Provide the IP or range of IPs for your NAT.


You are done. Pretty simple. Just keep track of which interface is where. The interface is the route out; the original IP/range is the source; the translated IP is an IP you need to add to your external interface. It will be mapped to your original IP/range.



Create DNAT (Destination NAT)


You configure a DNAT the same way you create your SNAT. The main difference with a DNAT is that you have a few more options:


You have your original IP address (the NAT IP) and your translated IP address (where this traffic is going), but you can also specify the source and destination protocol or TCP port as well.
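
To make the SNAT and DNAT fields concrete, here is an added example (not part of the original notes and not NSX code) that models how each rule type rewrites a packet and flags DNAT rules left open on every protocol or port. The NatRule field names, the "uplink" interface name and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class NatRule:               # field names are hypothetical, not NSX API names
    action: str              # "snat" or "dnat"
    interface: str           # ESG interface the rule is applied on
    original: str            # original IP, CIDR or "low-high" range
    translated: str          # translated IP
    protocol: str = "any"    # DNAT only
    original_port: str = "any"
    translated_port: str = "any"

def in_range(ip, spec):
    """True if ip falls inside a single IP, CIDR or 'low-high' range."""
    addr = ipaddress.ip_address(ip)
    if "-" in spec:
        low, high = (ipaddress.ip_address(p.strip()) for p in spec.split("-"))
        return low <= addr <= high
    return addr in ipaddress.ip_network(spec, strict=False)

def translate(rules, pkt, interface):
    """Apply the first matching rule on this interface; return the new packet."""
    for r in rules:
        if r.interface != interface:
            continue
        if r.action == "snat" and in_range(pkt["src"], r.original):
            return {**pkt, "src": r.translated}       # outbound: rewrite source
        if (r.action == "dnat" and in_range(pkt["dst"], r.original)
                and r.protocol in ("any", pkt["proto"])
                and r.original_port in ("any", str(pkt["dport"]))):
            new = {**pkt, "dst": r.translated}        # inbound: rewrite destination
            if r.translated_port != "any":
                new["dport"] = int(r.translated_port)
            return new
    return pkt                                        # no rule matched

def unrestricted_dnat(rules):
    """DNAT rules that forward every protocol or every port to the inside host."""
    return [r for r in rules if r.action == "dnat"
            and (r.protocol == "any" or r.original_port == "any")]

# Constructed sample rules (documentation address ranges).
RULES = [
    NatRule("snat", "uplink", "10.0.1.0/24", "203.0.113.10"),
    NatRule("dnat", "uplink", "203.0.113.20", "10.0.1.50", "tcp", "443", "8443"),
    NatRule("dnat", "uplink", "203.0.113.21", "10.0.1.60"),
]
```

Calling unrestricted_dnat(RULES) returns only the third rule, which exposes every port of 10.0.1.60 on the external address; the second rule shows the narrower form using the protocol and port options.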