A Distributed Router and an NSX Edge Gateway are connected to a Logical Switch with a VNI of
7321. Both also have connections to the external network.The Distributed Router serves as the
default gateway for the virtual machines in VNI 7321.
A vSphere administrator does not want to advertise the subnet in VNI 7321 to the rest of the
network, but still wants to allow virtual machines in the segment to access external resources.
What two steps should the vSphere administrator take to achieve this? (Choose two)
A.
Make the NSX Edge Gateway the default gateway for VNI 7321.
B.
Configure a SNAT rule for VNI 7321 on the NSX Edge Gateway.
C.
Configure a static route to the NSX Edge Gateway in the upstream router.
D.
Create an inbound Access Control List on the Distributed Router.
I would say A and C
A. Will allow traffic to pass from the VMs to external points, a static route to the NSX Gateway from North Router will not expose the addresses on the 7321 LS
There is source nat option in ESG. static nat is only on Cisco router or firewall. correct answer is A,B
correction A,C is correct.static route option is correct.
Since static routes are unidirectional option C will require a static route to the internal VNI, hence the subnet is known by external routers. Option B allow to hide the source ip and with a local connection to the external ESG’s interface is sufficient to have connectivity.
Agree with A and B. SNAT hides internal Network from external Access but visibility. Static route should be used if you want to gain Access bi-directional, but that is unwanted.