VMware Cloud Community
miladx16
Enthusiast

vCenter and ESXi hosts are behind NAT, cannot connect to MKS

Hi,

I have a problem when I want to connect to my VM and show the console window.

My vCenter and my ESXi server are behind the NAT.

All of them have invalid IP addresses, and they have been NATed to valid IP addresses.

When I connect to vCenter through the vSphere Client or the vSphere Web Client, I can't get a console window. It doesn't show anything and just gives an error for port 902.

When I connect to the ESXi hosts directly via their valid IPs, I can get a console window without any problem.

I know that when I get a console window via vCenter, I connect directly to the ESXi host with the valid IP address, and the problem is because of this.

But I want to know: is there any solution to this?

In vCloud Director we have an option (VMRC) for solving this.

0 Kudos
3 Replies
CedricAnto
VMware Employee

Do you have a firewall between the Web Client/vSphere Client and the ESX hosts? If yes, you need to allow port 902 between source and destination (test it with telnet).

This will fix the issue.

Also note this KB article about NAT:

http://kb.vmware.com/kb/1010652

Using NAT between the vCenter Server system and ESXi/ESX hosts is an unsupported configuration.

Cedric http://in.linkedin.com/in/cedricrajendran/ http://virtualknightz.com/
0 Kudos
miladx16
Enthusiast

We have a firewall between the vSphere Client and vCenter that allows port 902.

All of the IP addresses for vCenter and the ESXi hosts are NATed on the firewall.

For example, if they are on 172.20.20.0 in the invalid range, I can connect to them with 200.200.200.0 (valid range).

In vCenter Server, all of the ESXi servers were added by the invalid range (172.20.20.0).

When I connect with the vSphere Client to vCenter Server, after I connect to a VM I receive this error message,

because I connected to that VM via 172.20.20.0, and I cannot even ping it or access it.

0 Kudos
miladx16
Enthusiast

1. Add your ESXi hosts, and vCenter, to your public DNS (split DNS). Meaning your external DNS would have public IPs while internal DNS would have your private network IPs.
2. Create a VM (or physical machine) with 2 NICs: one NIC to your backend network to access the ESXi hosts and one NIC to the public IPs used for ESXi and vCenter. vCenter and each ESXi host need a public IP, and that public IP is on the proxy host and is also what is entered into DNS. A request is made to the public IP and forwarded to the backend ESX host. So when you open a console and vCenter is telling vSphere Client to go to esx02.backend.network.yourdomain.com, external DNS knows that this is actually PU.B.L.IC IP and not 10.10.10.x.

3. Port forward each public IP to the proper backend private IP and port.

0 Kudos
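
An added example, not part of the original posts: a Python version of the "test it with telnet" check, run from a client outside the NAT, that also reports whether the address a host name resolves to is private (as with 172.20.20.0 in this thread) or public but not forwarded on port 902. The function names and verdict strings are assumptions made for illustration.

```python
import ipaddress
import socket

CONSOLE_PORT = 902  # port named in the console error in this thread


def tcp_open(addr, port=CONSOLE_PORT, timeout=3.0):
    """Return True if a TCP connection to addr:port succeeds (the telnet test)."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(name, resolve=socket.gethostbyname, probe=tcp_open):
    """Classify how a console client on this network would reach an ESXi host.

    name is the host name or IP that vCenter has registered for the host.
    resolve and probe are injectable so the logic can be tested offline.
    """
    try:
        addr = resolve(name)
    except OSError:
        return {"host": name, "addr": None, "verdict": "name does not resolve"}
    private = ipaddress.ip_address(addr).is_private
    if probe(addr):
        verdict = "port 902 reachable"
    elif private:
        # Typical outside-the-NAT result: the client is given an internal address.
        verdict = "private address handed to client; not reachable from here"
    else:
        # Split DNS is working, but the forward for 902 is missing or filtered.
        verdict = "public address, but port 902 blocked or not forwarded"
    return {"host": name, "addr": addr, "private": private, "verdict": verdict}


if __name__ == "__main__":
    import sys
    # Usage: python check_console.py <host-as-registered-in-vcenter> ...
    for host in sys.argv[1:]:
        print(diagnose(host))
```

Run it against each ESXi host exactly as it is registered in vCenter, from the same machine that runs the vSphere Client.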