Not sure if VMware did not do the documentation properly OR I did not read it properly. It took me over 2 days to figure out how to set up vCloud Director to provide VM console access to authorized users on the Internet. The high-level diagram is attached below. This might not be the best setup, but it works and makes sense to me.
The configuration on the firewall (I use an ASA):
- Configure static NAT for 172.16.8.10 to 188.8.131.52, so that users on the Internet can access 184.108.40.206 to log in to the vCloud Director portal
- Configure identity NAT between the External and LAN interfaces: for any traffic that arrives on the External interface of the firewall and is destined for 220.127.116.11, the firewall translates the source address to 18.104.22.168 and the destination address to 172.16.9.10
The configuration on vCloud Director (I use CentOS with 2 NICs and default gateway 172.16.8.1):
- Set the external proxy IP to 22.214.171.124 in the vCloud Director management portal
- Add a static route in CentOS: send traffic to 172.16.9.2 if the destination address is 126.96.36.199