Not sure if VMware did not do the documentation properly or I did not read it properly. It took me over 2 days to figure out how to set up vCloud Director to provide VM console access to authorized users on the Internet. The high-level diagram is attached below. This might not be the best setup, but it works and makes sense to me.
The configuration on the firewall (I use an ASA):
- Configure static NAT for 172.16.8.10 to 184.108.40.206, so that users on the Internet can access 220.127.116.11 to log in to the vCloud Director portal
- Configure identity NAT between the External and LAN interfaces: for any traffic that arrives on the External interface of the firewall and is destined for 18.104.22.168, the firewall translates the source address to 22.214.171.124 and the destination address to 172.16.9.10
The configuration on vCloud Director (I use CentOS with 2 NICs and default gateway 172.16.8.1):
- Set the external proxy IP to 126.96.36.199 in the vCloud Director management portal
- Add a static route in CentOS: send traffic to 172.16.9.2 if the destination address is 188.8.131.52
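
Why the static route in the last step matters, shown as a small routing model (an added example, not part of the original post or of VMware's tooling). It assumes that 172.16.9.2 is the firewall's address on the console-proxy network and that the static route covers the address the firewall translates client sources to; that address and the client and public addresses are constructed placeholders.

```python
import ipaddress

# Addresses taken from the page.
DEFAULT_GW = "172.16.8.1"   # default gateway of the vCloud Director host
CONSOLE_GW = "172.16.9.2"   # next hop named in the static-route step
CONSOLE_IP = "172.16.9.10"  # console proxy address behind the firewall
# Assumption: constructed placeholder (RFC 5737) for the address the firewall
# rewrites client sources to; the static route must cover this same address.
SNAT_ADDR = "192.0.2.50"

def table(*entries):
    """Build a routing table as (network, gateway) pairs."""
    return [(ipaddress.ip_network(net), gw) for net, gw in entries]

def next_hop(routes, dst):
    """Longest-prefix match: return the gateway used to reach dst."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def firewall_nat(packet, public_console_ip):
    """Model the second NAT rule: rewrite both source and destination."""
    if packet["dst"] == public_console_ip:
        return {"src": SNAT_ADDR, "dst": CONSOLE_IP}
    return packet

def reply_gateway(routes, inbound):
    """Gateway the host picks when answering an inbound packet."""
    return next_hop(routes, inbound["src"])

# Host routing table before and after the static-route step.
BEFORE = table(("0.0.0.0/0", DEFAULT_GW))
AFTER = table(("0.0.0.0/0", DEFAULT_GW), (SNAT_ADDR + "/32", CONSOLE_GW))

if __name__ == "__main__":
    # Constructed client packet sent to a placeholder public console address.
    public_ip = "203.0.113.20"
    pkt = firewall_nat({"src": "198.51.100.7", "dst": public_ip}, public_ip)
    print("arrives at console proxy as:", pkt)
    print("reply without static route ->", reply_gateway(BEFORE, pkt))
    print("reply with static route    ->", reply_gateway(AFTER, pkt))
```

Because the firewall rewrites the source address, vCloud Director sees every console client as the translated address, so the real client IP has to come from the firewall's logs.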