grob115
Enthusiast

Does ESXi limit incoming connections based on network?

Hi, I have set up ESXi's vmk0 for management on 192.168.20.20, but when I try to connect from 192.168.50.2 with the vSphere client there is no response.  However, when I try to connect from 192.168.20.233 there is a response.  Is there some kind of security feature to limit which networks it will accept management connections from?

0 Kudos
6 Replies
Anjani_Kumar
Commander

I believe you should make sure that your different subnets have the reachability to each other.

Did you try to ping and telnet the ESXi host from a 50.x subnet machine?

The same subnet is reachable because there is visibility within the same subnet. This should be a problem with the network configuration in your design.

Please consider marking this answer "correct" or "helpful" if you found it useful. Anjani Kumar | VMware vExpert 2014-2015-2016 | Infrastructure Specialist Twitter : @anjaniyadav85 Website : http://www.Vmwareminds.com
0 Kudos
rcporto
Leadership

As already stated above, you should make sure that the network 192.168.50.x can reach (has a route to) network 192.168.20.x and that a default gateway address is configured on ESXi and your management station.

And if there is a firewall between these two networks, you should open the ports that allow the vSphere Client to connect to your vSphere host: VMware KB: Required ports for ESXi 5.1.x

---

Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto
0 Kudos
grob115
Enthusiast

Sorry I need to clarify.

  1. I am at 192.168.50.2.
  2. I am trying to reach ESXi at 192.168.20.20 via either Putty or vSphere client.  Both failed.
  3. I tried to do a test and Putty to another device at 192.168.20.233.  This worked.
  4. I tried to then Putty to ESXi from 192.168.20.233.  This also worked.

Question is why am I able to reach 192.168.20.233 but not ESXi at 192.168.20.20?

0 Kudos
RichardBush
Hot Shot

Hi,

Can you ping between the two hosts? Have you checked your gateway on the ESXi host?

It sounds to me like the gateway is the most likely cause here.

Rich

grob115
Enthusiast

Hi, thanks.  It was indeed due to the routing table on ESXi.  It works now after I executed the following command.

esxcli network ip route ipv4 add --gateway 192.168.20.1 --network 192.168.50.0/24

Not sure if this is persistent across reboots, but I have added it to the following file anyway.

/etc/rc.local.d/local.sh

0 Kudos
grob115
Enthusiast

For the record, I found the following resources helpful.

VMware KB: Configuring static routes for vmkernel ports on an ESXi host

http://www.tunnelsup.com/networking-commands-for-the-vmware-esxi-host-command-line

VMware KB: Modifying the rc.local or local.sh file in ESX/ESXi to execute commands while booting

Unfortunately this must be done on the CLI because the vSphere client only lets you update the default route. Also, I'm not sure if anyone else has this problem as well, but my vSphere client can only display some of the text.  So in this case it displayed only the first octet of the default gateway's IP address under the host's Configuration tab -> DNS and Routing -> Properties -> Routing tab.

0 Kudos
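Added example, not part of the thread and not VMware code: a small model of the return-path lookup that explains why the symptom looked like a source-network filter. It assumes the host had no route covering 192.168.50.0/24 before the fix (the thread does not show the original table); the default gateway 192.168.20.254 in the third table is hypothetical and only there to show that the specific static route wins by longest-prefix match.

```python
import ipaddress

def table(*entries):
    """Build a routing table from (cidr, gateway) pairs; gateway None = directly connected."""
    return [(ipaddress.ip_network(net), gw) for net, gw in entries]

def next_hop(routes, dst):
    """Longest-prefix match: return (network, gateway), or None if nothing covers dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if addr in net]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def reply_path(routes, client):
    """Describe where the host would send its reply to a given client."""
    hit = next_hop(routes, client)
    if hit is None:
        return "no route: reply dropped"
    _, gw = hit
    return "on-link" if gw is None else f"via {gw}"

def diagnose(routes, clients):
    return {c: reply_path(routes, c) for c in clients}

# Constructed tables for the host at 192.168.20.20.
# BEFORE: assumed state, only the connected management network is reachable.
BEFORE = table(("192.168.20.0/24", None))
# AFTER: state after the esxcli "route ipv4 add" command quoted in the thread.
AFTER = table(("192.168.20.0/24", None),
              ("192.168.50.0/24", "192.168.20.1"))
# WITH_DEFAULT: hypothetical default gateway pointing somewhere else.
WITH_DEFAULT = AFTER + table(("0.0.0.0/0", "192.168.20.254"))

CLIENTS = ["192.168.20.233", "192.168.50.2"]

if __name__ == "__main__":
    for name, routes in (("before", BEFORE), ("after", AFTER),
                         ("with default", WITH_DEFAULT)):
        print(name, diagnose(routes, CLIENTS))
```

The request from 192.168.50.2 arrives in every case; only the reply is lost, which is why a same-subnet client works while the remote one sees no response at all.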