Solved: Create an IP Group 10.xxx.xxx.xxx to isolate my in... - VMware Technology Network VMTN

VMware Networking Community

Hello everybody,

I have a VMware home lab where I have some Windows, Linux, and other V-Machines installed, all my Home Labs are using my Router Private IP 192.168.1.XXX but now I want to advance with NSX and I am wondering if I can create an IP Address Group with 10.XXX.XXX.XXX IP to be used only inside my home lab using NSX to isolate from my home devices. Can someone point me to how I can do it (Videos, Tuts, or any documentation)?

2 Solutions

Accepted Solutions

Hello,

Yes, the easiest way in my opinion is to use some kind of NAT. You will then hide everything related to NSX-T behind your NAT (you may be able to do it also with NSX-T, but for basic study purposes it is good to use for example VyOS - a small Linux based router/firewall).

On youtube Jeffrey Kusters has a great videos regarding NSX-T and the stuff you would like to do (https://www.youtube.com/watch?v=7d1fwsVlOLI&list=PLF5eL3jdkBq7CAuCd-Eo8qiupcn7chfEX).

I usally setup lab in similar manner - an ESXi host with nested environment inside (2-3 other ESXi hosts, vCenter, NSX-T manager either on the nested hosts or on the physical one), 2 vSS - one for the isolated environment with the necessary security settings on, second for physical host management and outside connection. On the physical host I have a VyOS VM with 2 NICs - one inside a portgroup for outside connection, the second inside a portgroup on the isolated environment and this VyOS VM is basically doing NAT service for the nested environment + more (but that is another topic). Check the series - you will find more than enough regarding this in there.

J.

View solution in original post

J.

Sorry for the delay. Thank you very much for your answer, I watched the videos from the link you sent me and it gave me an idea, after I researched the VyOS configuration and I was able to do what i wanted, again thank you.

View solution in original post

3 Replies

Hello,

Yes, the easiest way in my opinion is to use some kind of NAT. You will then hide everything related to NSX-T behind your NAT (you may be able to do it also with NSX-T, but for basic study purposes it is good to use for example VyOS - a small Linux based router/firewall).

On youtube Jeffrey Kusters has a great videos regarding NSX-T and the stuff you would like to do (https://www.youtube.com/watch?v=7d1fwsVlOLI&list=PLF5eL3jdkBq7CAuCd-Eo8qiupcn7chfEX).

I usally setup lab in similar manner - an ESXi host with nested environment inside (2-3 other ESXi hosts, vCenter, NSX-T manager either on the nested hosts or on the physical one), 2 vSS - one for the isolated environment with the necessary security settings on, second for physical host management and outside connection. On the physical host I have a VyOS VM with 2 NICs - one inside a portgroup for outside connection, the second inside a portgroup on the isolated environment and this VyOS VM is basically doing NAT service for the nested environment + more (but that is another topic). Check the series - you will find more than enough regarding this in there.

J.

J.

Sorry for the delay. Thank you very much for your answer, I watched the videos from the link you sent me and it gave me an idea, after I researched the VyOS configuration and I was able to do what i wanted, again thank you.

No problem at all 🙂 - glad I could share the knowledge and give a little bit back of what I have learned around here.