Hi Paul, the DNAT rules are working if I pull an IP from the current sub-allocated pool.
If I rephrase the question into: what if I wanted to add an additional sub-allocated pool that I can use for DNAT, and this new pool is not in the same subnet as the first sub-allocated pool?
In my example:
External Network -1.1.1.0/30
External IP of NSX Edge is 1.1.1.1 (I can sub-allocate this IP within the edge's settings, and then use this IP for DNAT or SNAT)
Default gateway of the NSX edge is 1.1.1.2 (let's say a Cisco router)
Let's say I have a webserver behind the NSX edge and I have a DNAT rule setup for port 80 (1.1.1.1:80 -> 192.168.1.10:80 for example), everything up to here is working successfully.
Now I want to add a second webserver 192.168.1.11 and I need another external IP, because the current external /30 is already used by the DNAT rule above.
I then get a new subnet from the ISP, 1.1.1.4/30. Traditionally you would route this subnet to the external interface of a firewall and you could use the entire subnet for NAT (1.1.1.4 - 1.1.1.7). But since NSX/vCloud requires the subnet to be specified in the "Sub-Allocate IP Pool" of the Edge Gateway Properties, it will need to grab these IPs from somewhere.
1. I can't create a new External Network within cloud resources as the default gateway needs to stay as the original 1.1.1.2
2. Within System - Manage & Monitor - External Networks, I enter the properties of my existing External Pool /30 and add a new Network Specification for the new subnet 1.1.1.4/30. However, out of this subnet I need to specify a default gateway, which needs to be configured as a secondary on the Cisco router interface that is providing the default gateway of 1.1.1.2.
So each time I add a network specification, I lose 1 IP out of the subnet for the default gateway, plus I need additional setup on the Cisco router.
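As an added illustration of the address arithmetic behind this post (not code from the thread, vCloud or NSX), the script below models an external network as (subnet, gateway) specifications and checks two things: how many addresses a /30 specification actually leaves for NAT once the network, broadcast and gateway addresses are taken out, and whether every DNAT rule's external address falls inside a sub-allocated pool. The class names, the pool representation as inclusive address ranges, and the rule that DNAT only works for pool members are my assumptions based on the behaviour described above; the addresses are the constructed sample values from the post.

```python
"""Added example: sanity-check NSX Edge external address planning.

Assumptions (not stated in the thread): an external network is one or more
(subnet, gateway) specifications; sub-allocated pools are inclusive address
ranges inside those subnets; a DNAT rule is only usable when its external
(original) address is inside a sub-allocated pool.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class NetworkSpec:
    subnet: str   # e.g. "1.1.1.0/30"
    gateway: str  # gateway address inside that subnet, e.g. "1.1.1.2"


@dataclass(frozen=True)
class DnatRule:
    original_ip: str
    original_port: int
    translated_ip: str
    translated_port: int


def usable_nat_ips(spec):
    """Addresses in a network specification left for NAT after removing the
    network address, broadcast address and gateway.  For a /30 this is always
    exactly one address: the "lose 1 IP per specification" effect from the post."""
    net = ipaddress.ip_network(spec.subnet, strict=True)
    gw = ipaddress.ip_address(spec.gateway)
    if gw not in net:
        raise ValueError(f"gateway {gw} is not inside {net}")
    # hosts() already excludes network and broadcast addresses
    return [str(ip) for ip in net.hosts() if ip != gw]


def check_dnat_rules(pools, rules):
    """Return (rule, reason) for every DNAT rule whose external address is not
    covered by any sub-allocated pool.  `pools` is a list of (start, end)
    inclusive address ranges as strings."""
    pool_addrs = set()
    for start, end in pools:
        lo = ipaddress.ip_address(start)
        hi = ipaddress.ip_address(end)
        # summarize_address_range yields the networks covering lo..hi inclusive
        for net in ipaddress.summarize_address_range(lo, hi):
            pool_addrs.update(net)
    problems = []
    for rule in rules:
        ip = ipaddress.ip_address(rule.original_ip)
        if ip not in pool_addrs:
            problems.append((rule, f"{ip} is not in any sub-allocated pool"))
    return problems


if __name__ == "__main__":
    # Constructed sample values mirroring the post.
    specs = [NetworkSpec("1.1.1.0/30", "1.1.1.2"),
             NetworkSpec("1.1.1.4/30", "1.1.1.5")]
    for s in specs:
        print(s.subnet, "usable for NAT:", usable_nat_ips(s))

    rules = [DnatRule("1.1.1.1", 80, "192.168.1.10", 80),
             DnatRule("1.1.1.6", 80, "192.168.1.11", 80)]
    # Only the first /30's address has been sub-allocated so far.
    for rule, reason in check_dnat_rules([("1.1.1.1", "1.1.1.1")], rules):
        print("DNAT rule will not work:", rule, "-", reason)
```

Running it shows the first specification yielding only 1.1.1.1 and the second only 1.1.1.6, and flags the 1.1.1.6 rule until that address is added to a sub-allocated pool; the check is a quick way to confirm a DNAT problem is pool membership rather than the rule itself.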