Help Center/ Workspace/ User Guide (Administrators)/ Tenant Configuration/ Basic Configuration/ Enabling NAT Mapping for Direct Connect/ Port Mapping
Updated on 2025-08-07 GMT+08:00
View PDF
Share

Port Mapping

Scenarios

If an enterprise network is configured with a firewall, cloud desktops cannot be accessed via the enterprise network, or via the Direct Connect access address or Internet access address provided by Workspace. In this case, cloud desktops can be accessed through NAT mapping.

Prerequisites

  • Enable Direct Connect Access Address before enabling Direct Connect access port.
  • Enable Internet Access Address before enabling Internet access port.

Procedure

  1. Prepare an ECS that can access the Internet access address and Direct Connect access address of the project and use the ECS as the mapping server.

Tenant configuration

  1. Log in to the console.
  1. In the navigation pane, choose Tenant Configuration > Basic Settings.

    The Basic Settings page is displayed.

  2. Click NAT Mapping Settings on the right of Direct Connect Access Address. The NAT Mapping Settings page is displayed.
  3. Determine whether to enable NAT mapping.

    • : not enabled
    • : enabled

  1. After enabling NAT mapping, select the Port Mapping tab, select Internet access port or Direct Connect access port from the Port drop-down list, and click OK.
  2. Click on the left of the added Internet access port or Direct Connect access port to expand the port details. Configure the port as shown in Figure 1.

    Figure 1 NAT mapping settings
    • IP: Enter the IP address of the mapping server in 1.
    • Port: Enter a port number ranging from 1 to 65535.
    • vAG Service IP: Select one as required.
      • If there are multiple vAG service IP addresses, you need to add multiple data records. Click Add to add a row of data.
      • To delete unnecessary data, click Delete in the Operation column.
      • After NAT mapping is enabled, when you delete all data records at a time or the only data record, the button of confirming the deletion is unavailable and a message is displayed, indicating that no mapping rule is available.

  1. Check the box After NAT mapping is configured, the mapped vAG IP address, instead of the original vAG IP address, will be used to access the desktop. and click OK.

Mapping server configuration

  1. Log in to the mapping server created in 1 and open the mapping tool on the mapping server. IPOP is used as an example.
  2. Configure vAG mapping, Internet access mapping, or Direct Connect access mapping using IPOP on the mapped server.

    Figure 2 Configuring port mapping

    Configure vAG port mapping, as shown in Figure 2.

    1. Select the Port Mapping tab to configure port mapping.
    2. Local IP: The local IP address is used by default.
    3. Local Port: port configured in NAT mapping under tenant configuration
    4. Mapping IP: vAG IP address configured in NAT mapping under tenant configuration
    5. Map Port: The default vAG port is 8443.
    6. Protocol: The default value is TCP.
    7. Click Add.
    Configure address mapping, as shown in Figure 2.
    1. Select the Port Mapping tab to configure port mapping.
    2. Local IP: local IP address of the mapping server
    3. Local Port: port configured in NAT mapping under tenant configuration
    4. Mapping IP: Internet access address or Direct Connect access address (check it in Tenant Configuration on the console)
    5. Map Port:
      1. Port configured for the Internet IP address: 9445 for Huawei Cloud central sites and 443 for edge sites
      2. Port configured for the Direct Connect IP address: 443 for Huawei Cloud central sites and 9443 for edge sites
    6. Protocol: The default value is TCP.
    7. Click Add.

  3. After the configuration is complete, click START in IPOP.

    The access address configured during client login is the address mapped to the Internet access address or Direct Connect access address. (If the corresponding port is available, add the port.)

    Example: https://100.xx.xx.xx:1000