12 Replies Latest reply on Feb 6, 2009 11:18 AM by TravisT

    NAT on ESXi

    Kal4601 Novice

      I am testing ESXi on an HP box with 2 NICs. I want to use one of the NICs for NATing for all VMs on this host and the 2nd NIC for management. In other words, my physical NIC address is, I want all the VMs to use 192.168.12.XXX addresses. Is it possible? If yes, how do I accomplish that? Thanks in advance.

        • 1. Re: NAT on ESXi
          oreeh Guru

          ESXi doesn't do NAT.


          Simply configure the VMs to use IP addresses in the desired range and add a virtual router which does the NAT.

          • 2. Re: NAT on ESXi
            Kal4601 Novice


            What would be the gateway address and DNS address? I want these VMs to be able to browse the Internet.



            • 3. Re: NAT on ESXi
              oreeh Guru

              Whatever IP you configure in the virtual NAT device / virtual router (any Linux will do the trick).

              • 4. Re: NAT on ESXi
                patrickds Expert

                Of course, but this has nothing to do with NAT.

                Just create a vswitch with your Service console port group and the address, and a second vswitch with the VM Network portgroup and the 192.168.12.xxx addresses on the VMs.


                If the two networks aren't physically separated (using the same physical switch) you can just create one vswitch, with both physical nics and portgroups and their respective IP ranges.

                That way you can have network redundancy and load balancing for both portgroups.


                This is not NAT, because the physical network will be aware of the MAC addresses of the VMs on the vswitches, and see all virtual adapters, instead of only the Service Console, if it had been NAT.

                • 5. Re: NAT on ESXi
                  patrickds Expert

                  Does your 192.168 ip-range also exist outside of the ESXi server, or only on VMs?

                  • 6. Re: NAT on ESXi
                    TravisT Enthusiast


                    If you have the ability to create VLANs on your physical switch, then I would create two VLANs. One for the management network and one for the VMs. Then create a vSwitch for the management network and set its IP to and add a nic to it. Then create another vSwitch for the virtual machines and add the other nic. Plug the nics in to their respective VLANs on your switch (ex. Port 1 = management vlan and Port 2 = vm vlan). When you create your guest VMs, set their ip to the network.



                    Also, if your switch isn't a layer 3 switch, then you will need to have a router to route traffic between the two VLANs. However, unless you plan on putting vCenter or other monitoring tools that need access to it, you may not have to do this.



                    Hope that helps,




                    • 7. Re: NAT on ESXi
                      TravisT Enthusiast

                      Oh, and you could always have a vm with two nics acting as a router in between the two vswitches.

                      • 8. Re: NAT on ESXi
                        Kal4601 Novice


                        I am sorry but I still don't get it. How could simply assigning a 192.X.X.X address allow VMs to go through a physical NIC to the Internet if there is no NAT and there is no routing? The questions below still remain:



                        1- How and where can I set up a NATed network range on the VM host? (192.x.x.x)



                        2- What will be the gateway for VMs?



                        Attached photo might help understand what I am trying to explain. Thank you everyone for your responses.



                        • 9. Re: NAT on ESXi
                          Kal4601 Novice

                          Oreeh- How do I create a v-router through V-center?

                          • 10. Re: NAT on ESXi
                            TravisT Enthusiast

                            Here is an example of how our ESX hosts are networked. There are two vSwitches, one for the management network and one for the virtual machine network. The highlighted IP address in the management network would be your address. The physical nics attached to that vSwitch are teamed and load balanced within the properties of that vswitch.


                            There isn't an IP address that you assign to the virtual machine vswitch. The ip address, default gateway, and dns settings are set within the virtual machine itself. If you would like to create a different subnet such as, then you would set your VMs with those addresses. However, if you don't have a physical router to act as a router you can create a virtual router. However, don't get confused, this isn't something VMware provides in their software. This is just another virtual machine that you would create that would have routing capabilities. In this case I have created a diagram to illustrate what you would do.








                            So, above you'll have two vswitches for your virtual machines. One will contain the physical nics that connect to the physical network. The other vswitch will not contain any physical nics but will connect all of your VMs together. The virtual router will have two virtual nics, one plugged in to vswitch1 and the other plugged in to vswitch2. The traffic will go through this VM or "virtual router".



                            Now, this is a little complex, but it will accomplish what you are looking for. The other option that I mentioned, and the method I use, is to use VLANs to segment my network. Our VMs, Management Network, SAN, and physical network are all on separate VLANs connected to a layer 3 switch. The layer 3 switch allows me to do routing between the VLANs. So, my gateway is just my VLAN interface on my physical switch.









                            So, to answer your questions based off of what I have illustrated:



                            1) NAT would be part of the Virtual Router. This could be a Windows server with routing and remote access set up. Or you could set up a Linux server with IP routing. There is a free Linux distro called IPCop that would probably work for you.



                            2) The gateway would be the virtual nic interface on the virtual router that is connected to vswitch 2 in the illustration.









                            Hope that helps,
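
Added example, not part of TravisT's post or any other reply in this thread: one way to generate the NAT and forwarding rules for a Linux "virtual router" VM with two vNICs, as described above. The interface names `eth0` (vswitch1, uplink) and `eth1` (vswitch2, VM-only) and both function names are assumptions; `192.168.12.0/24` is the VM range from the original question. The router itself accepts no inbound connections, and only VM-initiated traffic is forwarded.

```sh
# Added example. Assumed names, not from the thread: eth0 = router vNIC on
# vswitch1 (uplink), eth1 = router vNIC on vswitch2 (VM-only network).

# Succeed only for a.b.c.d/len inside RFC 1918 space. len is limited to
# 16..30 so the first two octets alone decide whether the block is private.
is_private_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$addr" in ''|*[!0-9.]*|*.) return 1 ;; esac
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -ge 16 ] && [ "$len" -le 30 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
    case "$1.$2" in
        10.*|192.168) return 0 ;;
        172.*) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        *) return 1 ;;
    esac
}

# Print an iptables-restore ruleset for the router VM: masquerade VM traffic
# leaving the uplink, forward only VM-initiated flows, drop the rest.
nat_ruleset() {
    wan=$1; lan=$2; cidr=$3
    [ -n "$wan" ] && [ -n "$lan" ] && [ "$wan" != "$lan" ] || return 2
    is_private_cidr "$cidr" || return 3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $cidr -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $cidr -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# 192.168.12.0/24 is the thread's VM range; output is for iptables-restore.
nat_ruleset eth0 eth1 192.168.12.0/24
```

On the router VM, IPv4 forwarding must also be enabled (`sysctl -w net.ipv4.ip_forward=1`) before the output is loaded with `iptables-restore` as root. Because the router accepts no inbound traffic, the VMs need a DNS server reachable through the NAT rather than the router itself.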


                            • 11. Re: NAT on ESXi
                              Kal4601 Novice

                              Thank you TravisT. This clears up my confusion. In other words the VSwitch within the VM host is just a Layer 2 switch and cannot do routing or NATing. I will have to use a separate vrouter or a physical router for that. Thanks a bunch again. Now I can move on. :)

                              • 12. Re: NAT on ESXi
                                TravisT Enthusiast


                                No problem. Yes, it's kind of like a Layer 2 switch although slightly dumber and smarter in ways. I have attached a quick guide on virtual networking for you.



                                -- Travis