VMware {code} Community
joe2015
Contributor
Contributor
‎10-02-2018 02:40 AM
Jump to solution

Cannot access Esxi 6.5 through Web or SSH

I have a simple set up with two Esxi hosts and an Untangle router as shown in the diagram

When I try to access the Web Ui of the Esxi host as http://172.16.20.10 I get the "This site cannot be reached" and ERR_CONNECTION_TIMED_OUT message.I am able to ping from any device on the 192.168.1.0/24 work and and trace route from Untangle works and the ports are not blocked.  I have also checked the static routes using Esxcli commands on the host itself and they are all in place.

I have reinstalled the HPE customized image on the Esxi and when the Esxi host gets a DHCP IP address (192.168.1.xx) I am able to access the web interface without any issues. I have been through the logs on the Esxi host and checked firewalls on both Untangle and Esxi hosts and now I have no clue what else to do.  Can some one please point me in the right direction?  Any help/clues much appreciated.

Network.JPG

Tags (1)
0 Kudos
1 Solution

Accepted Solutions
joe2015
Contributor
Contributor
‎10-04-2018 03:48 AM
Jump to solution

Finally I have been able to get to the bottom of it.  It was the route in Untangle hat was causing the problem.  The next hop was mapped to the wrong interface.

It should have been local on internal (eth1) instead of local on Transit Vlan (eth1.101)

Many thanks for your help.

Inked20181004_203705_LI.jpg

View solution in original post

0 Kudos
9 Replies
daphnissov
Immortal
Immortal
‎10-02-2018 04:44 AM
Jump to solution

I'm confused at what you're saying. You first say

When I try to access the Web Ui of the Esxi host as http://172.16.20.10

but then you say

when the Esxi host gets a DHCP IP address (192.168.1.xx) I am able to access the web interface without any issues.

Your diagram does not account for 172.16.20.10, so what is this? There are no management IPs on your ESXi hosts. Your second statement appears to say that your issue is resolved. So I'm trying to understand what your problem is and if it's still ongoing.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
0 Kudos
joe2015
Contributor
Contributor
‎10-02-2018 05:48 AM
Jump to solution

I am sorry if I confused you. 172.16.20.10 is in fact the management ip for Esxi1.

My home network is 192.168.1.0/24.  I want to keep my lab seperate from my home lan so I have created a few Vlans - 20 for Esxi Mgmt, hence 172.16.20.10 ip address. On the Dcui I have a Vlan Id of 20 as well. The trouble is although the routes have been configured correctly I cannot access the web ui of 172.16.20.10.

The only reason I stated that I can access the web interface is only if I get a dhcp auto configured ip which is not what I want, because it gives me a 192.168.1.xxx address. I hope I have now explained the situation clearly.

0 Kudos
daphnissov
Immortal
Immortal
‎10-02-2018 05:55 AM
Jump to solution

Ok, this clarifies some things. When you assign an IP on the 172.16 network to the ESXi management vmkernel port, can you ping that from another system on the same segment? Can you ping it from the 192.168 network? If any one of those answers is "no" then you have a networking issue that needs to be resolved.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
0 Kudos
joe2015
Contributor
Contributor
‎10-02-2018 01:06 PM
Jump to solution

Yes I am able to ping 172.16.20.10 from any device on the 192.168.1.0.

0 Kudos
daphnissov
Immortal
Immortal
‎10-02-2018 01:41 PM
Jump to solution

If you can ping that IP, can you not access https://<IP>/ui in a web browser? This is the URL of the ESXi embedded host client.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
0 Kudos
joe2015
Contributor
Contributor
‎10-02-2018 03:01 PM
Jump to solution

No I cannot access the web interface of Esxi using http://172.16.20.10 or http://172.16.20.10/ui. I cannot SSH either.

0 Kudos
daphnissov
Immortal
Immortal
‎10-02-2018 03:17 PM
Jump to solution

Ok, if you have 6.5 and you've enabled SSH as well as have the local ESXi firewall open for 443 and 22 and you *still* cannot access the host then Untangle must be in the way. Double check the device and ensure those ports are open. Also, confirm by putting a client device on the same L2. If it can access ESXi then firewall it is.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
0 Kudos
joe2015
Contributor
Contributor
‎10-03-2018 06:30 PM
Jump to solution

I configured a pc with a static ip of 172.16.20.2 and made the switch port to which this pc is connected an access port to Vlan 20

I was then able to access Esxi web ui and also SSh.  Untangle is not blocking anything and this also proves that ports 22 and 443 are open.

Should I create a Vm port group for the management interface and assign it Vlan 20 by leaving the Vlan id blank on the Dcui.?

This is my trunking configuration on the Cisco switch

interface GigabitEthernet1/0/2

description Esxi Mgmt trunk port

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,20,101

switchport mode trunk

spanning-tree portfast trunk

Thanks again

0 Kudos
joe2015
Contributor
Contributor
‎10-04-2018 03:48 AM
Jump to solution

Finally I have been able to get to the bottom of it.  It was the route in Untangle hat was causing the problem.  The next hop was mapped to the wrong interface.

It should have been local on internal (eth1) instead of local on Transit Vlan (eth1.101)

Many thanks for your help.

Inked20181004_203705_LI.jpg

0 Kudos