Updated on 2025-08-07 GMT+08:00

Address Mapping

Scenarios

If an enterprise network is configured with a firewall, cloud desktops cannot be accessed via the enterprise network, or via the Direct Connect access address or Internet access address provided by Workspace. In this case, cloud desktops can be accessed through NAT mapping.

Prerequisites

The Direct Connect access address has been enabled.

Procedure

  1. Prepare an ECS that can access the Internet access address and Direct Connect access address of the project and use the ECS as the mapping server.

Tenant configuration

  1. Log in to the console.
  1. In the navigation pane, choose Tenant Configuration > Basic Settings.

    The Basic Settings page is displayed.

  2. Click NAT Mapping Settings on the right of Direct Connect Access Address. The NAT Mapping Settings page is displayed.
  3. Determine whether to enable NAT mapping.

    • : not enabled
    • : enabled

  4. After NAT mapping is enabled, select the IP Address Mapping tab and click Add. The page for adding IP address mapping is displayed.
  5. Enter the required domain name, domain name + port, IP address, and IP address + port in the address box.

    Ensure that the entered address is accessible for the mapping server in 1.

  6. Determine whether to associate enterprise projects and tags.

    • : Associate enterprise projects and tags and perform 9 to 10.
    • : Do not associate enterprise projects and tags. Perform 11 to 12.

  7. Select the required enterprise project from the Associated Enterprise Project drop-down list, or click Add below, and select the required tag key and value.

    After enabling the function of associating with enterprise projects and tags, if you do not select an enterprise project, you must associate with at least one tag.

  8. Click OK.
  9. Select the IP Address Mapping tab and click Add. The page for adding IP address mapping is displayed. Toggle off Associate with Enterprise Project and Tag.
  10. Click OK.

    You can add a maximum of 10 addresses.

  11. Click on the left of the added address to expand the address details and configure the address, as shown in Figure 1.

    Figure 1 NAT mapping settings
    • IP: Enter the IP address of the mapping server in 1.
    • Port: Enter a port number ranging from 1 to 65535.
    • vAG Service IP: Select one as required.
      • If there are multiple vAG service IP addresses, you need to add multiple data records. Click Add to add a row of data.
      • To delete unnecessary data, click Delete in the Operation column.
      • After NAT mapping is enabled, when you delete all data records at a time or the only data record, the button of confirming the deletion is unavailable and a message is displayed, indicating that no mapping rule is available.

  12. Check the box After NAT mapping is configured, the mapped vAG IP address, instead of the original vAG IP address, will be used to access the desktop. and click OK.

Mapping server configuration

  1. Log in to the mapping server created in 1.
  2. Open the mapping tool on the mapping server. IPOP is used as an example.
  1. In the IPOP window, select the Port Mapping tab to configure port mapping, vAG mapping, Internet access mapping, or Direct Connect access mapping.

    Figure 2 Configuring port mapping
    Configure vAG port mapping, as shown in Figure 2.
    1. Select the Port Mapping tab to configure port mapping.
    2. Local IP: local IP address of the mapping server
    3. Local Port: port configured in NAT mapping under tenant configuration
    4. Mapping IP: vAG IP address configured in NAT mapping under tenant configuration
    5. Map Port: The default vAG port is 8443.
    6. Protocol: The default value is TCP.
    7. Click Add.
      • If there are multiple vAG service IP addresses, you need to add multiple data records. Click Add to add a row of data.
      • To delete unnecessary data, click Delete in the Operation column.

    Configure address mapping, as shown in Figure 2.

    1. Select the Port Mapping tab to configure port mapping.
    2. Local IP: local IP address of the mapping server
    3. Local Port: port configured in NAT mapping under tenant configuration
    4. Mapping IP: Internet access address or Direct Connect access address (check it in Tenant Configuration on the console)
    5. Map Port:
      1. Port configured for the Internet IP address: 9445 for Huawei Cloud central sites and 443 for edge sites
      2. Port configured for the Direct Connect IP address: 443 for Huawei Cloud central sites and 9443 for edge sites
    6. Protocol: The default value is TCP.
    7. Click Add.

  2. After the configuration is complete, click START in IPOP.

    The access address configured during client login is the address mapped to the Internet access address or Direct Connect access address. (If the corresponding port is available, add the port.)

    Example: https://100.xx.xx.xx:1000