VMware Cloud Community
kleinet
Contributor

How to configure a DMZ port to a virtual machine on ESXi 5

hello,

On my SBOX router I have a DMZ port and I would like to connect it to one of my virtual machines (on my ESXi 5.0.0).

I don't know what I should do.

Please help me.

Thanks.

16 Replies
DCSpooner
Enthusiast

Do you have more than one physical NIC on your ESXi server? If you do, are you using them all?

kleinet
Contributor

I have 4 NICs on my server. I'm using only one.

How can I configure the other NICs to work with the DMZ port?

rcporto
Leadership

You can create another vSwitch and associate some physical NICs with this vSwitch, connect the physical NICs to the DMZ physical switch, create a Port Group on the new vSwitch and bind the virtual network interface of the VM to this new Port Group.

---

Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto
DCSpooner
Enthusiast

That is where I was going, so do what Richard said to do.

I would have 2 NICs for main traffic and 2 NICs for my DMZ. You should have 2 switches, vSwitch0 and your DMZ switch.

kleinet
Contributor

I did it. Now I have vSwitch0 and vSwitch1.

Now the problem is that my DMZ (port group) is shown on vSwitch0, and my DMZ port goes to vSwitch1!

How can I move it to vSwitch1?

a_p_
Leadership

Simply create a new DMZ port group on vSwitch1 (unless there's already one) and reconfigure the VMs which are currently connected to the DMZ port group on vSwitch0 to use the new DMZ port group on vSwitch1. Once all VMs are reconfigured you may delete the old DMZ port group on vSwitch0.


André

kleinet
Contributor

I did it but I did not get any IP address.

On my SBOX the configuration is:

IP address 192.168.1.1

subnet: 255.255.255.0

And the DHCP server is enabled.

So what IP address should I configure on vSwitch1?

Thanks.

a_p_
Leadership

A virtual machine port group itself doesn't have an IP address. Only the connected VMs need one. If the VMs don't receive a DHCP lease from the connected DHCP server, then there's got to be another reason for this.

Please post a screenshot of what your current virtual network setup (i.e. Configuration -> Networking) looks like.

André

DCSpooner
Enthusiast

On typical consumer routers, the DMZ port is for one IP address, and of course it needs to be statically assigned. My guess is that you will only be able to use one VM on the DMZ port.

kleinet
Contributor

Please see my screenshot.

Screenshot_1.png

a_p_
Leadership

vSwitch0: You can delete the "DMZ" port group from the vSwitch's "Properties ..."

vSwitch0: Why did you set VLAN-ID 4095 for the "Management Network" port group?

vSwitch1: What's the purpose of the "DMZ PORT" VMkernel port group? All you need on vSwitch1 is your Virtual Machine "DMZ PORT GROUP" and vmnic3 connected to the DMZ router.

André

kleinet
Contributor

vSwitch0: You can delete the "DMZ" port group from the vSwitch's "Properties ..."

Done. Please see my new screenshot.

vSwitch0: Why did you set VLAN-ID 4095 for the "Management Network" port group?

I don't remember that I did it. Is it not the default setting?

vSwitch1: What's the purpose of the "DMZ PORT" VMkernel port group? All you need on vSwitch1 is your Virtual Machine "DMZ PORT GROUP" and vmnic3 connected to the DMZ router.

DMZ PORT was done for a test. Should I delete it?

So how can I do this? (Vmware.png) "All you need on vSwitch1 is your Virtual Machine "DMZ PORT GROUP""

vmnic3 is already connected to the DMZ router.

Thanks, Guy.

a_p_
Leadership

VLAN ID 4095 is used in cases where it is required to pass the network traffic directly to the target, i.e. including the VLAN in the header. Assuming that you do not use VLANs, you may want to set the VLAN ID for the Management Network to "(none)" which is the default.

Unless the ESXi host itself needs to communicate with the DMZ you should delete the VMkernel port group and only keep the Virtual Machine Port Group - to which you connect the VMs - on vSwitch1.

André

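The vSwitch1, port group and VLAN steps from the replies above, collected into one PowerCLI script as an added example; this is not code from any poster in this thread. It assumes the ESXi host is reachable as esxi01, the DMZ uplink is vmnic3 and the DMZ VM is named dmz-vm01; the port-group names are the ones used in the thread.

```powershell
# Added example, not from the thread: rebuild the DMZ layout the replies describe with PowerCLI.
# Assumed values: host "esxi01", uplink "vmnic3", VM "dmz-vm01". Port-group names are the thread's.
param(
    [string]$VMHostName   = 'esxi01',
    [string]$DmzUplink    = 'vmnic3',
    [string]$DmzVSwitch   = 'vSwitch1',
    [string]$DmzPortGroup = 'DMZ PORT GROUP',
    [string]$DmzVmName    = 'dmz-vm01'
)

Connect-VIServer -Server $VMHostName | Out-Null   # prompts for the ESXi root credentials
$vmhost = Get-VMHost -Name $VMHostName

# 1. A separate vSwitch whose only uplink is the NIC cabled to the SBOX DMZ port, so DMZ
#    frames never share vSwitch0's uplinks with management or LAN traffic.
$dmzSwitch = Get-VirtualSwitch -VMHost $vmhost -Name $DmzVSwitch -ErrorAction SilentlyContinue
if (-not $dmzSwitch) {
    $dmzSwitch = New-VirtualSwitch -VMHost $vmhost -Name $DmzVSwitch -Nic $DmzUplink
}

# 2. A Virtual Machine port group on that vSwitch (untagged, like the SBOX DMZ port).
$dmzPg = Get-VirtualPortGroup -VirtualSwitch $dmzSwitch -Name $DmzPortGroup -ErrorAction SilentlyContinue
if (-not $dmzPg) {
    $dmzPg = New-VirtualPortGroup -VirtualSwitch $dmzSwitch -Name $DmzPortGroup
}

# 3. Move the VM's vNIC off the misplaced "DMZ" port group on vSwitch0 onto the new one.
Get-VM -Name $DmzVmName | Get-NetworkAdapter |
    Where-Object { $_.NetworkName -eq 'DMZ' } |
    Set-NetworkAdapter -Portgroup $dmzPg -Confirm:$false

# 4. Delete the stale "DMZ" port group from vSwitch0 once no VM references it.
$oldPg = Get-VirtualPortGroup -VMHost $vmhost -Name 'DMZ' -ErrorAction SilentlyContinue |
    Where-Object { $_.VirtualSwitchName -eq 'vSwitch0' }
if ($oldPg -and -not (Get-VM | Get-NetworkAdapter | Where-Object { $_.NetworkName -eq 'DMZ' })) {
    Remove-VirtualPortGroup -VirtualPortGroup $oldPg -Confirm:$false
}

# 5. Management Network back to VLAN "(none)": VLanId 0 in PowerCLI, instead of 4095 (all VLANs).
Get-VirtualPortGroup -VMHost $vmhost -Name 'Management Network' |
    Where-Object { $_.VLanId -eq 4095 } |
    Set-VirtualPortGroup -VLanId 0

# 6. No VMkernel interface on the DMZ vSwitch unless the host itself must talk to the DMZ.
Get-VMHostNetworkAdapter -VMHost $vmhost -VMKernel |
    Where-Object { $_.PortGroupName -eq 'DMZ PORT' } |
    Remove-VMHostNetworkAdapter -Confirm:$false
```

Check the result under Configuration -> Networking: vSwitch1 should show only the VM port group and vmnic3, and vSwitch0 should no longer list a "DMZ" port group.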
kleinet
Contributor

Thanks a lot, now it is finally working!

Now I want to add an HP managed switch.

How does it fit into this network?

I have 2 VLANs on my switch.

I have a number of questions:

Where do I connect my HP switch? To the SBOX router LAN port? Or to one of the NICs on the server?

DCSpooner
Enthusiast

You connect your HP switch to the SBOX router and your server to the HP switch.

Now for your DMZ connection, it depends on how many public IPs your SBOX can support.

If your SBOX can support many public IPs, then I would suggest connecting your SBOX DMZ port to the HP switch using a different VLAN.

Otherwise don't change it; keep the DMZ port connected to the server.

Another option is to run your own router/firewall; this depends highly on your ISP setup and whether you can do this.

Me, I had DSL a few years ago and ran my own Cisco DSL (2611XM) router and then a Cisco PIX (515E) firewall for my firewall.
