...
Assumptions
- You have already completed Enable Internet Access into a VDC.
- Subnet containing the VM: 192.168.2.0/24
- IP Address of VM: 192.168.2.100
- Edge gateway address: 119.252.74.161
Overview
In this article we will configure a VDC with Edge gateway (Applies to Basic Internet and Advanced NSX Edges) to allow remote RDP access from the internet to a Windows VM on a subnet attached to private subnet.
- In order to configure remote RDP access to the Windows VM you should already have configured internet access for the VM or subnet.
- We will be building upon the internet access rules by adding 1 new firewall rule and 2 new NAT rules to the uplink network.
Configuration
All configuration items will be applied against the uplink network. You must identify both the external IP address of the Edge gateway and internal IP address of the VM for which you wish to provide RDP access. The internal VM IP address will belong to the subnet assigned previously to one of your VNICS.
1. Identify Edge gateway IP address
The gateway address can be found by navigating to the Network Configuration tab for your VDC in MyAccount, selecting the ?uplink? network and viewing the config page as below:
2. NAT Rules
We are adding 2 x DNAT rules to the uplink network, click on the NAT page and click the ?Add NAT Rule? button. You will be configuring the following rules:
DNAT #1 (TCP)
- Rule Type: Destination NAT
- Protocol: TCP
- Original IP: any
- Original Port: 3389
- Translated IP: 192.168.2.100
- Translated Port: 3389
DNAT #2 (UDP ? Optional)
- Rule Type: Destination NAT
- Protocol: UDP
- Original IP: any
- Original Port: 3389
- Translated IP: 192.168.2.100
- Translated Port: 3389
3. Firewall Rule
Add a Firewall Rule to the uplink network, click on the Firewall page and click the ?Add Firewall Rule? button. The rule we are about to configure will allow incoming TCP and UDP traffic on port 3389 from the internet into your VDC network. The NAT rules configured in the previous step will then direct this traffic to the desired VM.
Firewall rules are applied to traffic according to the listing order on the page. Once traffic has matched a rule, the packet will be processed and no further rules will be examined, thus the order of rules is important, and in general your most specific rules should apply first, with the most general rules last.
Rule
- Policy: Allow
- Description: RDP
- Source IP: Any
- Source Port: Any
- Destination IP: 119.252.74.161
- Destination Port: 3389
- Protocols: TCP, UDP
4. Complete
You should now be able to RDP to the external IP of the VDC and get to your Windows VM. To access multiple VM?s, some options include:
- Create a ?jumpbox? in your virtual environment which is used to RDP into and then RDP to other machines from there; OR
- Enable RDP of different ports on each of your VMs in your private network and NAT those through the firewall;