VMware Cloud Community
Ispanico76
Contributor

Moving to Esxi 6.5 is having firewall/networking issues

I moved from Esxi4 to 6.5 and everything works fine except the VPN connection. To establish the VPN connection I used Endian Firewall 2.3 that is installed as a virtual machine inside Esxi.

Before this upgrade my IT infrastructure used ESXi 4 and everything worked; after the upgrade to ESXi 6.5 the OpenVPN (provided by Endian Firewall) can establish the connection, but the PCs inside the Intranet are not reachable (neither PING nor RDP works) by the client from outside. I tried using the same VM (physically) of Endian Firewall but also installing the latest version: the problem is the same.

Does anyone have an idea of what could be the reason for this problem? What has changed in the security/networking model of ESXi 6.5 (compared with 4) that could cause this problem?

Thanks in advance

Roberto


Accepted Solutions
Gavis4569
Enthusiast

I have seen similar behaviour with L2 VPNs terminating on a VM. Have a look at the Security Policy of your vSwitch or Port Group that might be involved.

Configure the Security Policy for a vSphere Standard Switch or Standard Port Group

The problem here is that there will be a frame coming from the VM but with a MAC not associated with the VM itself.

Martin Gavanda https://martingavanda.com https://learnvmware.online

Ispanico76
Contributor

Hi Martin,

The problem was related to the vSwitch promiscuous mode, which was disabled. After enabling promiscuous mode, everything works like a charm.

Thanks a lot for the hint!

Bye

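An added example, not part of the original thread: promiscuous mode set on a whole vSwitch lets every VM attached to it receive all frames, so this script reports which security settings are relaxed and moves the exception to the single port group that carries the VPN appliance's LAN interface. The names `vSwitch0` and `VPN-LAN` are hypothetical, the sample output is constructed, and the parser assumes the `Key: value` layout that `esxcli ... policy security get` prints.

```shell
#!/bin/sh
# Added example, not from the thread. vSwitch0 / "VPN-LAN" are hypothetical names.

# Read `esxcli ... policy security get` output on stdin and print every
# relaxed (true) setting, one per line. Assumes "Key: value" lines.
# "Override vSwitch ..." lines in port group output are ignored on purpose.
relaxed_settings() {
    awk -F': *' '/^ *Allow / && $2 == "true" { sub(/^ +/, "", $1); print $1 }'
}

# Constructed sample: a vSwitch with promiscuous mode enabled switch-wide.
sample_vswitch() {
    cat <<'EOF'
   Allow Promiscuous: true
   Allow MAC Address Change: false
   Allow Forged Transmits: false
EOF
}

# On an ESXi host: show what is relaxed on the vSwitch, enable promiscuous
# mode on the one port group that needs it, then turn it off switch-wide.
# The port group is changed first so the VPN path is never left without it.
scope_to_portgroup() {
    vswitch=$1
    portgroup=$2
    echo "Relaxed on $vswitch:"
    esxcli network vswitch standard policy security get -v "$vswitch" \
        | relaxed_settings
    esxcli network vswitch standard portgroup policy security set \
        -p "$portgroup" --allow-promiscuous=true
    esxcli network vswitch standard policy security set \
        -v "$vswitch" --allow-promiscuous=false
    echo "Policy now in effect on port group $portgroup:"
    esxcli network vswitch standard portgroup policy security get -p "$portgroup"
}

# Touches the host only when called as: sh scope.sh vSwitch0 "VPN-LAN"
if [ "$#" -eq 2 ]; then
    scope_to_portgroup "$1" "$2"
fi
```

Run without arguments, the script changes nothing; `sample_vswitch | relaxed_settings` shows the parser on the constructed output.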