VMware Cloud Community
rolo96
Contributor

ESXi 6.5 2 host 2 public IP

Hi, I don't have much experience with virtualization, I'm just a netadmin, so maybe I'm asking something dumb.
So I have this scenario, as you can see in the attached file. The left side works perfectly, but we need 2 different public IPs for the two servers. For the right side I've created a new port group and a new virtual switch.

On the second server I'm getting a local IP and I also have ping, but I can't do tracert or ping google.com, facebook.com or anything with a domain name, so it's a domain problem, I'm guessing. But this happens when I'm using that second virtual switch. It's not a router problem or something like that, because I've tried connecting a PC directly to router 2 and in that scenario it works perfectly. I also don't think it is a Windows problem, because I've tried several of them and also tried with Linux and it's still the same. I guess it's connected to ESXi and I'm doing something wrong in configuring it.
If you have any ideas about what I'm doing wrong or how this scenario can work, please give me some advice.
Thanks.

scott28tt
VMware Employee

I see no file attached.


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (i.e. not in any official capacity)

rolo96
Contributor

Hi Scott,
My fault, I thought I had attached the files. There they are.

Lalegre
Virtuoso

Hey rolo96,

Could you please explain to us a little bit more about your configuration? Looking at the diagram I can see that you have two portgroups with one VM each and 1 uplink on them. I can also assume that you are isolating the traffic using VLANs on each of them.

Are you applying SNAT rules on the routers? Are you applying those rules to the whole segment or to specific IPs?

rolo96
Contributor

Hi Lalegre,

So right now I'm still testing how to make it work, so the situation is as follows.
For this scenario, as you can see, I have 2 different uplinks from the ISP: 1 goes to the first router (router1), the second one to router2. I want 1 VM to get a public IP from router1 and the 2nd VM to get an IP from router2. On the routers I'm not using any VLANs. Those routers are for testing before I move that server to the datacenter, so in this case the routers are giving out DHCP, so the VMs in the end are getting their IP addresses from DHCP,
and ESXi is getting its IP address from Router1, also from DHCP.

So in general I have a simple configuration before I move all those things to the datacenter; that's why I want to know how these things work. After that I can create VLANs.

Lalegre
Virtuoso

Hey,

Which IPs are you delivering with the DHCP? I assume you are delivering the private ones, and in a normal scenario, to go to the internet they have to be SNATed, so how are you giving those VMs the ability to reach 8.8.8.8?

In this scenario it does not matter which IPs the ESXi host has, as the VM portgroup has nothing to do with it.

If you are not using VLANs I want to assume you have the following configured:

  1. Portgroup1 -> vmnic0 -> Left Windows Server
  2. Portgroup2 -> vmnic2 -> Right Windows Server

Is this right?

rolo96
Contributor

Lalegre,
Yes, Portgroup1 is on the left side, which was the default, and I've created a second port group which is connected to vmnic2.
On the left side it gets the 192.168.60.X network and on the right side it gets the 192.168.140.X network. Both routers are configured in the same way and those routers are MikroTiks.
I don't fully understand what you mean by SNAT?

Lalegre
Virtuoso

Hey Rolo,

Usually, for private IPs to browse the internet, they are all NATed by your ISP to one or more IPs in order to travel to the internet, depending on your contract with them.

SNAT means Source NAT, and it is the ability to translate private IPs into public IPs (usually like this) for the server to travel to the internet. I assume here that one of your routers is missing that configuration, or, if the router is managed by the ISP, then they need to enable the internet access, or maybe they are filtering URLs.

It is hard to do the troubleshooting from here, but you will need to check everything, like:

  • Check that from your VM you can reach the gateway on Router2.
  • Check that from Router2 you can reach 8.8.8.8.
  • Check that you are not applying any type of ACL or firewall rules (if it also works like that).
  • Check with the ISP if they are filtering any URL.
  • Check if you have any special NAT configuration or if you need to request it.
  • As you are not using VLANs, please make sure that the portgroup is not VLAN tagged.

And also, something that I do not get from your diagram is that at the very bottom you have "Public IPs". I assume this is to identify which router you want the VM to go to, and not that you are assigning that IP on a second interface inside the VM.

rolo96
Contributor

Hey Lalegre,

Thank you so much for replying to this topic and also for so much effort.
I figured out the problem: I had 1 rule in the firewall which was blocking the traffic. I have lots of rules and that 1 rule caused all this trouble I've been struggling with for 3 days :smileygrin: But that rule should have turned down all the traffic, yet I still had ping and could also connect to RDP; that's why I hadn't turned off that rule before.

Anyway, it works fine now. Moving on to the next steps to see how ESXi works. :smileycool:

Thank you again for helping me.
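
The symptom in the last post (a blocking rule in place, yet ping and RDP still work while name lookups fail) is what an ordered, first-match rule list produces when narrower accept rules sit above a catch-all drop. The sketch below is an added example, not part of the thread: the rule chain, probe names and default policy are constructed for illustration and are not the poster's MikroTik configuration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                   # "accept" or "drop"
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port
    comment: str = ""

    def matches(self, proto, dport):
        if self.proto is not None and self.proto != proto:
            return False
        if self.dport is not None and self.dport != dport:
            return False
        return True

def decide(chain, proto, dport=None, default="accept"):
    """First-match evaluation: return (action, index of the deciding rule or None)."""
    for i, rule in enumerate(chain):
        if rule.matches(proto, dport):
            return rule.action, i
    return default, None

# Constructed chain (hypothetical): two narrow accepts above a catch-all drop.
CHAIN = [
    Rule("accept", "icmp", None, "allow ping"),
    Rule("accept", "tcp", 3389, "allow RDP"),
    Rule("drop", None, None, "drop everything else"),
]

# Constructed probes: one flow per service the thread mentions, plus HTTPS.
PROBES = {
    "ping": ("icmp", None),
    "rdp": ("tcp", 3389),
    "dns": ("udp", 53),
    "https": ("tcp", 443),
}

def survey(chain):
    """Map each probe name to the (action, rule index) that decides it."""
    return {name: decide(chain, *flow) for name, flow in PROBES.items()}

if __name__ == "__main__":
    for name, (action, idx) in survey(CHAIN).items():
        by = f"rule {idx} ({CHAIN[idx].comment})" if idx is not None else "default policy"
        print(f"{name:6} {action:6} decided by {by}")
```

Testing a path per protocol and port, rather than with ping alone, shows which rule index decides each flow.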