So the way I understand it, the ESX host uses the name of the VirtualCenter Server. And by modifying the host file of the ESX server to point the VirtualCenter server's NATed ip, you will set the return route thru the NAT. Is this correct?

Yes, and you want to make sure this works both ways.

-KjB

VMware vExpert

No, I haven't got it to work yet. Although, I'm not sure what is meant by "and you want to make sure that it work both ways." If I modify the host file on the Virtualcenter server to reflect the NATed address, I'm pretty sure that the server won't be very happy. Right now I'm working through some networking issues with the NATed IP address.

I see. I currently don't have any firewall/NAT issues.. i'm able to talk on those VM ports and other apps have no issues talking to these NATd ESX servers. It is just in VC , the ESX server that is NATd and not in the same network as the VC that times out after 5 minutes. I have no issues with the ESX and VC are in the same network. But, according to VMware and the known issue of NATd ESX servers with VC communication is a known issue. I wish this was supported. Let me know how it goes.

Thanks!

I'm having the same issues of timing out after 5 minutes.

Dang, that is a bummer.

All works well except it won't stay connected. I have been working on this for a while and just came across this thread.

It really seems they are not telling us about some needed port or something. I just can't see how a firewall can't make this work if we really had all the information.

Do they site any reason for it disconnecting? ESXi doesn't work either as far as staying connected.

I added the following to the <vpxd> section of the vpxd.cfg file, where 10.7.225.217 is the NATed IP of the VirtualCenter Server and it still does not work:

<managedip>

10.7.225.217

</managedip>

I'm looking into alternatives...

I'm shocked this is not supported. I would think many VMware customers are going through this same issue as we see in this thread.

Extra frustrating since the basic Infrustructure client works perfectly without any issues at all.

I am with you there. I'm very shocked. Exactly why does it work with VI client from desktops, but VC has a fit. Is this issue still in vCenter? How does VMware expect us customers have have all there esx servers in the same network? Not logically possible. Very unusually. I'm still waiting for an answer to this known issues. Let's keep trying. It's good to see others are also having this issue.

I have an amazing VMware expert at my disposal. He still asserts he can make this work but I took him off the project temporarily this morning as he has some bigger automation related fish to fry for us right now. He was pretty grumpy about it as well.

I read something the other day, that was stating that any hosts being nat'd had to have a local Vcenter server. Ups the cost pretty darn much to do that, out of reach with ESXi / Foundation users like me.

Yeah, that's exactly how I Interpret it... but, other VC alternatives have that functionality of managing ESX at different networks that are NATd. So, one would think VC would also. Let us know if he comes up with a fix.

After troubleshooting and opening UDP instead of TCP for port 902, it looks like the managed ip did the trick. I do have one more issue though. When I changed the managed IP I lost contact with my ESX servers that are within the firewall. I tried adding another managed ip but the VC service didn't start after I made the change.

I finally found an answer that works for all of the networks. This is the link:

http://communities.vmware.com/thread/64794

Essentially, you change the following lines and add the preserveServerIP line to /etc/opt/vmware/vpxa/vpxa.cfg on the ESX server.

<preserveServerIp>true</preserveServerIp>

<serverIp>NATTed ip</serverIp>

<serverPort>902</serverPort>