Enabling Gateway DNAT Settings

In Aviatrix CoPilot:

  1. Go to Cloud Fabric > Gateways and open the Transit Gateways or Spoke Gateways tab.

  2. In the table, select the gateway for which you want to enable SNAT and DNAT.

  3. Click the gateway’s Settings tab.

  4. In the Settings tab, expand the Network Address Translation (NAT) section.

  5. Use the toggle switch to turn Destination NAT On.

  6. From the Instance dropdown menu, select either the primary or the high availability (HA) gateway to set up Source NAT for that gateway.

    NAT rules are not synchronized from the primary gateway to the HA gateway instances. You must configure NAT rules on the primary and HA gateway instances separately.
  7. To add a translation rule, click + Rule.

  8. Set up the Destination NAT rule.

    You can configure the following parameters to set up DNAT rules that meet your requirements.

    | Parameter | Description |
    | --- | --- |
    | Src CIDR | The source IP address range where the rule applies. When left blank, this field is not used. |
    | Src PORT | The source port to which the rule applies. When left blank, this field is not used. |
    | Dst CIDR | The destination IP address range where the rule applies. When left blank, this field is not used and a default route 0.0.0.0/0 pointing to Aviatrix Gateway will be programmed into the cloud platform routing table. |
    | Dst PORT | The destination port where the rule applies. When left blank, this field is not used. |
    | Protocol | The destination port protocol where the rule applies. When left blank, this field is not used. |
    | Connection | The output connection where the rule applies. When left blank, this field is not used. |
    | Mark | The tag or mark of a TCP session when all conditions are met. When left blank, this field is not used. |
    | DNAT IPs | The translated destination IP address when all the specified conditions are met. When left blank, this field is not used. One of the rule fields must be specified for this rule to take effect. Multiple translated source IP addresses are supported; they are specified as a range, for example, 100.101.2.5 - 100.101.2.10. |
    | DNAT Port | The translated destination port when all the specified conditions are met. When left blank, this field is not used. One of the rule fields must be specified for this rule to take effect. |
    | Apply Route Entry | This is an option to program the route entry "DST CIDR pointing to Aviatrix Gateway" into the cloud platform routing table. |
    | Exclude Route Table | This field specifies which VPC private route table will not be programmed with the default route entry. You can combine this with Apply Route Entry enabled. |

  9. Repeat the steps above to add additional rules.

  10. Click Save.
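
The following Python check is an added example, not Aviatrix code or part of the original procedure. It reviews DNAT rules written down as dicts before they are entered: it expands the DNAT IPs range form, flags a blank Dst CIDR (which programs the 0.0.0.0/0 route), and compares the primary and HA rule lists, since those are not synchronized. The dict representation, the function names, and the sample rules are assumptions made for illustration.

```python
import ipaddress

# Rules are plain dicts keyed by the parameter names in the table above
# (a hypothetical representation); a missing or "" value means "left blank".

def expand_dnat_ips(value):
    """Expand 'A' or 'A - B' (the range form shown above) into addresses."""
    parts = [p.strip() for p in value.split("-")]
    if len(parts) > 2:
        raise ValueError(f"bad DNAT IPs value: {value!r}")
    first, last = (ipaddress.IPv4Address(p) for p in (parts[0], parts[-1]))
    if last < first:
        raise ValueError(f"DNAT IPs range runs backwards: {value!r}")
    return [str(ipaddress.IPv4Address(n)) for n in range(int(first), int(last) + 1)]

def lint_rule(rule):
    """Return review findings for one rule, based on the field notes above."""
    findings = []
    dnat_ips, dnat_port = rule.get("DNAT IPs", ""), rule.get("DNAT Port", "")
    if not dnat_ips and not dnat_port:
        findings.append("neither DNAT IPs nor DNAT Port is set: nothing is translated")
    if dnat_ips:
        try:
            expand_dnat_ips(dnat_ips)
        except ValueError as exc:
            findings.append(str(exc))
    if not rule.get("Dst CIDR"):
        findings.append("Dst CIDR is blank: default route 0.0.0.0/0 to the gateway is programmed")
    return findings

def rule_key(rule):
    """Order-independent identity of a rule, ignoring blank fields."""
    return tuple(sorted((k, str(v).strip()) for k, v in rule.items() if str(v).strip()))

def ha_drift(primary, ha):
    """NAT rules are not synchronized: list rules present on one instance only."""
    p, h = {rule_key(r) for r in primary}, {rule_key(r) for r in ha}
    return {"primary_only": [dict(k) for k in sorted(p - h)],
            "ha_only": [dict(k) for k in sorted(h - p)]}

# Constructed sample rule sets (not taken from a real gateway).
PRIMARY = [
    {"Dst CIDR": "10.20.0.10/32", "Dst PORT": "443", "Protocol": "tcp",
     "DNAT IPs": "100.101.2.5 - 100.101.2.10", "DNAT Port": "8443"},
    {"Src CIDR": "10.9.0.0/16", "Protocol": "tcp", "DNAT IPs": "100.101.2.20"},
]
HA = [PRIMARY[0]]

if __name__ == "__main__":
    for i, rule in enumerate(PRIMARY, 1):
        print(f"primary rule {i}:", lint_rule(rule) or "ok")
    print("drift:", ha_drift(PRIMARY, HA))
```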