VMware Cloud Community
AceParking
Contributor

DMZ and Internal on same host

So I have an ESXi 5 host with 4 pNICs (this is a test box) running 4 guests and I wanted to configure 1 pNIC for a DMZ. When I set up a vSwitch, the VMkernel default gateway is already pointing to my internal gateway, while the DMZ has a different IP for the gateway. Is it possible to configure a second default gateway to use for the DMZ network, and how would it be done? Again, this is only a test box with nothing important on it. Just learning.

Thanks in advance.

a_p_
Leadership

Do you want to have the host in the DMZ or just a VM? If the latter, you only need to create a vSwitch with an uplink to the DMZ network and a virtual machine port group (no VMkernel port group) and set the appropriate IP settings in the guest OS.

André

AceParking
Contributor

Yes, the latter... Could you explain that a little more? Thanks.

a_p_
Leadership

There's not much I can say; it's actually a very easy and straightforward setup. When you create a new vSwitch on the ESXi host with an uplink to the DMZ network, you can deploy virtual machines attached to this vSwitch (its VM port group) in the DMZ subnet as if they were physical systems. The different vSwitches on the ESXi host are not connected to each other in any way. The uplink does not need an IP address; it's only the virtual machine in which the IP settings have to be configured appropriately.

André
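
The setup described in the reply above, as an added example that is not part of the original post: the esxcli calls that build a DMZ vSwitch with one uplink and a VM port group, plus a check that no VMkernel interface sits on that vSwitch. The names vSwitch1, vmnic3, DMZ and DMZ-vmk are assumptions, and the sample `esxcli network ip interface list` output is constructed and abridged.

```shell
#!/bin/sh
# Added example; vSwitch, uplink and port group names are assumed.

# Create the DMZ vSwitch: one uplink, one VM port group, no VMkernel port.
# Meant for the ESXi host shell; only defined here, not invoked.
create_dmz_vswitch() {
    vsw=$1; nic=$2; pg=$3
    esxcli network vswitch standard add --vswitch-name="$vsw" &&
    esxcli network vswitch standard uplink add --uplink-name="$nic" --vswitch-name="$vsw" &&
    esxcli network vswitch standard portgroup add --portgroup-name="$pg" --vswitch-name="$vsw"
}

# Read `esxcli network ip interface list` output on stdin and print every
# VMkernel interface attached to the given vSwitch. Exit status 0 means the
# vSwitch carries no VMkernel port, so the host itself has no IP in the DMZ.
# On a host: esxcli network ip interface list | vmk_on_vswitch vSwitch1
vmk_on_vswitch() {
    awk -v vsw="$1" '
        /^[[:space:]]*Name:/    { name = $2 }
        /^[[:space:]]*Portset:/ { if ($2 == vsw) { print name; found = 1 } }
        END { exit found + 0 }'
}

# Constructed sample: only the management interface exists.
SAMPLE_OK='vmk0
   Name: vmk0
   Enabled: true
   Portset: vSwitch0
   Portgroup: Management Network'

# Constructed sample: a VMkernel port was added to the DMZ vSwitch by mistake.
SAMPLE_BAD="$SAMPLE_OK
vmk1
   Name: vmk1
   Enabled: true
   Portset: vSwitch1
   Portgroup: DMZ-vmk"

printf '%s\n' "$SAMPLE_OK" | vmk_on_vswitch vSwitch1 &&
    echo "vSwitch1: no VMkernel port"
```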

AceParking
Contributor

Got it. I was making it too complicated...

Thanks
