OCI Secure Desktops: Adding a NAT Gateway (Doc ID 2979504.1)

Last updated on FEBRUARY 15, 2024

Applies to:

Oracle Secure Desktop - Version All Versions and later
Information in this document applies to any platform.


OCI Secure Desktops are typically created in a private subnet. Compute instances in a private subnet need a NAT Gateway to be configured before they can access the internet.

This document will assist with creating a NAT Gateway and adding it to a Route Table, to allow for internet access from a Secure Desktop in a pool.

A NAT gateway gives cloud resources without a public IP access to the on-premises network, which is an external public network from the point of view of a VCN, without exposing those resources. The gateway allows hosts to initiate connections to the on-premises network and receive responses, but prevents them from receiving inbound connections initiated from the on-premises network. NAT gateways are highly available and support TCP, UDP, and ICMP ping traffic. The Networking service automatically assigns a public IP address to the NAT gateway. You can't choose its public IP address.

When a host in the private network initiates a connection to the on-premises network, the NAT device's public IP address becomes the source IP address for the outbound traffic. The response traffic from the on-premises network therefore uses that public IP address as the destination IP address. The NAT device then routes the response back to the private network, to the host that initiated the connection.
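The translation described above can be traced with a small model. This is an added example, not Oracle code and not a description of how the OCI NAT gateway is implemented. The class name, port numbering, addresses (documentation ranges) and the rule that only the contacted peer may reply are all assumptions of the model.

```python
from dataclasses import dataclass, field

# Constructed addresses from documentation ranges; OCI assigns the real public IP.
NAT_PUBLIC_IP = "203.0.113.10"


@dataclass
class NatGateway:
    """Toy NAT: tracks flows opened from inside, drops everything else."""
    public_ip: str
    next_port: int = 40000
    by_flow: dict = field(default_factory=dict)   # inside 5-tuple -> NAT port
    by_port: dict = field(default_factory=dict)   # (proto, NAT port) -> inside 5-tuple

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Private host initiates: the source becomes the gateway's public IP."""
        flow = (proto, src_ip, src_port, dst_ip, dst_port)
        if flow not in self.by_flow:
            self.by_flow[flow] = self.next_port
            self.by_port[(proto, self.next_port)] = flow
            self.next_port += 1
        return (proto, self.public_ip, self.by_flow[flow], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Outside packet: forwarded only if it answers a tracked flow."""
        flow = self.by_port.get((proto, dst_port))
        if dst_ip != self.public_ip or flow is None:
            return None                      # unsolicited: dropped
        _, host_ip, host_port, peer_ip, peer_port = flow
        if (src_ip, src_port) != (peer_ip, peer_port):
            return None                      # not the peer the host contacted
        return (proto, src_ip, src_port, host_ip, host_port)


def demo():
    nat = NatGateway(NAT_PUBLIC_IP)
    # Desktop in the private subnet opens HTTPS to an outside server.
    sent = nat.outbound("tcp", "10.0.1.25", 51514, "198.51.100.7", 443)
    # The server replies to the NAT address and port it saw.
    reply = nat.inbound("tcp", "198.51.100.7", 443, sent[1], sent[2])
    # An outside host tries to open a connection to the NAT address.
    probe = nat.inbound("tcp", "192.0.2.99", 4444, NAT_PUBLIC_IP, 3389)
    return sent, reply, probe


if __name__ == "__main__":
    for name, value in zip(("sent", "reply", "probe"), demo()):
        print(name, value)
```
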

VCN routing is controlled at the subnet level, so you can specify which subnets use a NAT gateway. You can configure only one NAT gateway per VCN.


