Hi, I have a problem getting access to vSphere from a virtual LAN, but let's start from the beginning.
My soft VPN server "router" gives me access to the 192.168.0.0/24 network (vSwitch2 - V.Net and V.Net Management).
When I want to open https://192.168.0.200 in a web browser I get an error, so what is the reason for that situation - the embedded firewall or an incorrect config of the VMkernel port for V.Net Management?
Can you ping this IP? Or perform "telnet 902"?
Marcelo Soares
VMWare Certified Professional 310/410
Virtualization Tech Master
Globant Argentina
Consider awarding points for "helpful" and/or "correct" answers.
ping 192.168.0.1 - ok - router from V.NET
ping 192.168.0.98 - ok - Windows Machine
ping 192.168.0.200 - fail - ESXi Server
Same with telnet on 443. RDP to the Windows machine is working and the ESXi portal from this machine is working, so it is probably not the router's firewall but rather the config of the VMkernel.
Hmmm... ok, and did you configure a gateway for the management network of this box? Are you able to ping it from one of the machines inside the 192.168.0.* network?
Marcelo Soares
Is your ESXi management IP 192.168.0.200?
ESXi does not include an http interface, which is probably your problem.
But, more importantly, you should NEVER expose the management interface to the internet in any shape or form...
I will explain once again. I have a server with 2 LAN adapters. One of them is for the LAN (vSwitch0 192.168.1.0/24), where the management interface 192.168.1.70 is, and everything is working OK. But I want to manage ESXi from the WAN side, so I created an internal-only network area (vSwitch2 192.168.0.0/24) with a VMkernel port 192.168.0.200, and it is working too: from RDP I can manage from the vSphere Client and the https portal is working too, but ...
but from the VPN it is not working. I'm passing all TCP/UDP and ICMP traffic. The problem is in ESXi, because a packet from the VPN subnet is routed in the OpenVPN server to the LAN address and the firewall in ESXi blocks it - that is my opinion.
The funny thing is that I have done the same on another server and there everything works fine.
Rumple, you don't need to be afraid about the WAN side because I have a firewall on the border.
I see said the blind man...
Have you connected right to the ESX server with the Virtual Infrastructure Client (VIC) to look at the security settings, to see if there is any difference between the machines' firewall rules?
Although you've added a second vmkernel network, my suspicion is that traffic is coming in on the .200 network IP, but traveling out the default vmkernel interface IP of .70... and when the firewall sees that request it drops the packet. I've done the same thing as you, using different networks for the management interface and putting on a static route to make sure traffic went back out the right interface...
OK, I have changed it and now it's working, but I need some advice.
I have 2 VMkernel ports for management. The first one, with a physical adapter, has IP 192.168.1.70/24 and the second one, without an adapter, has IP 192.168.0.200/24.
And I have only one gateway for my machine. If I choose 192.168.1.1 I can't manage from a remote host, BUT if I choose 192.168.0.1 everything works.
In the first situation:
My host (ex 10.0.0.2/24) -> VPN -> VPN Server (10.0.0.1/24 / 192.168.0.1/24) -> ESXi (192.168.0.200) ... and the packet goes to the gateway (192.168.1.1)
In the second one:
My host (ex 10.0.0.2/24) -> VPN -> VPN Server (10.0.0.1/24 / 192.168.0.1/24) -> ESXi (192.168.0.200) ... and the packet goes back to the VPN Server (192.168.0.1)
Do I understand correctly?
You must keep in mind that your problem is network related. Anytime you need to access another network you need a route for that. What I would suggest to you is to enable NAT on your VPN server, or create static routes on the ESXi - but this will demand a little extra configuration because of the nature of the ESXi service console.
Marcelo Soares
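Added example, not part of any post in this thread: a small route-lookup model of the return path discussed above, comparing the two default-gateway choices with the static-route suggestion. Addresses are the ones quoted in the thread; the interface names vmk0/vmk1 and the 203.0.113.5 test address are assumptions.

```python
import ipaddress

# Addresses are those given in the thread; vmk0/vmk1 are assumed interface names.
CONNECTED = [("192.168.1.0/24", None, "vmk0"),   # LAN management, 192.168.1.70
             ("192.168.0.0/24", None, "vmk1")]   # internal management, 192.168.0.200
VPN_CLIENT = "10.0.0.2"

def next_hop(routes, dst):
    """Longest-prefix match; returns (gateway, interface), gateway None if on-link."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), gw, dev) for net, gw, dev in routes
            if addr in ipaddress.ip_network(net)]
    if not hits:
        return None
    _, gw, dev = max(hits, key=lambda h: h[0].prefixlen)
    return gw, dev

def reply_is_symmetric(routes, src, arrived_on):
    """True when the reply to src leaves on the interface the request came in on."""
    hop = next_hop(routes, src)
    return hop is not None and hop[1] == arrived_on

# First situation: single default gateway on the LAN side.
DEFAULT_VIA_LAN = CONNECTED + [("0.0.0.0/0", "192.168.1.1", "vmk0")]
# Second situation: default gateway moved to the VPN server.
DEFAULT_VIA_VPN = CONNECTED + [("0.0.0.0/0", "192.168.0.1", "vmk1")]
# Static-route option: keep the LAN default, add only the VPN subnet.
STATIC_ROUTE = DEFAULT_VIA_LAN + [("10.0.0.0/24", "192.168.0.1", "vmk1")]

if __name__ == "__main__":
    tables = [("default via 192.168.1.1", DEFAULT_VIA_LAN),
              ("default via 192.168.0.1", DEFAULT_VIA_VPN),
              ("LAN default + static 10.0.0.0/24", STATIC_ROUTE)]
    for name, table in tables:
        gw, dev = next_hop(table, VPN_CLIENT)
        ok = reply_is_symmetric(table, VPN_CLIENT, "vmk1")
        print(f"{name}: reply to {VPN_CLIENT} via {gw} on {dev}, symmetric={ok}")
    # With NAT on the VPN server the source becomes 192.168.0.1, which is on-link.
    print("NAT case:", next_hop(DEFAULT_VIA_LAN, "192.168.0.1"))
```

With the static route, only replies to the VPN subnet go back through 192.168.0.1, and everything else still uses the LAN gateway.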