We have a customer who has vSphere 6 in version 6.7.0 (Build 8169922) and we want to back up one VM running on it.
We are using Synology Active Backup for Business 2.1.1-1125.
I have successfully added our Free ESXi on the same LAN where our NAS device is located.
Unfortunately, I cannot add the customer's ESXi 6 essentials. I have read the requirements and limitations and the necessary ports are opened on the ESXi as well as the port forwarding on the customer's router (MikroTik).
When I try to add this hypervisor, I get an error every time: Failed to connect to the host [public ip]. Please check the server address, account settings, and your network settings.
I am trying to connect with the root user, so the rights should be fine.
I can also see that packets are hitting the NAT firewall rule. (PublicIP:44443 -> LocalIP:443; PublicIP:902 -> LocalIP:902)
So I think that the problem is on the host itself, but I don't know where to find the problem.
Could you help me somehow?
So you're trying to connect your backup software or appliance which is on your network to a customer's ESXi host on their network?
When you say "add this hypervisor", I assume you mean the customer's ESXi host - but what are you actually trying to add it to? What UI are you using? (screenshots would be useful)
Thank you for your reply.
Yes, I am trying to add a customer's ESXi host (on their network) to our Synology Active Backup for Business (on our network).
The goal is to back up the customer's VM over WAN to our Synology NAS. Synology ABB is an app in NAS and I manage it using a web browser.
Once I have successfully added the customer's ESXi host, I will see all the VMs and will be able to choose which VM I want to back up.
Something like our Free ESXi in our LAN.
Here is the list of the customer's firewall rules on that ESXi.
When I tried telnet <customer's public IP> 44443 - no luck.
I have tried it from our LAN but without success.
On the customer's ESXi is another VM, which has a NAT rule with port 443.
When I tried telnet <customer's public IP> 443 from our LAN - successfully connected.
So definitely the DNAT rule is not being applied correctly or there is an issue there. Make sure that you only have one DNAT rule using port 44443, as if you don't, it will not work.
Also make sure you are allowing your source Public IP, from where you are being SNATed, to access that Public IP on port 44443.
DNAT should be fine as I have other ones which are working fine. I also have only one DNAT rule with port 44443.
Sure, I have allowed our source Public IP, but even without it, it is not working.
Do you have any other ideas what I am missing or what could be wrong?
To be honest, I do not know how your setup is built, but the issue you are facing is clearly connectivity, and the traffic is getting dropped at some point. Could you give us a quick diagram or explain a little bit more how the traffic flow goes?
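
The telnet tests described in the thread, as an added example that is not part of any post: it probes the two forwarded ports quoted above and separates a refused connection from a silent drop, which telnet output does not make obvious. The function names and the script name are assumptions, and the public IP is passed on the command line.

```python
import errno
import socket
import sys

# Port forwards quoted in the thread: public port -> port on the ESXi host.
FORWARDS = {44443: 443, 902: 902}

# What each TCP outcome says about the path (helper names are illustrative).
MEANING = {
    "open": "a listener answered, so the forward works at the TCP level",
    "refused": "a reset came back: the packet arrived somewhere, but nothing "
               "accepts on that port or a firewall rejects it",
    "timeout": "no answer: the SYN or its reply is dropped on the way "
               "(filter rule, wrong DNAT target, or return path)",
}

def probe(host, port, timeout=3.0):
    """Try one TCP connect and classify the result."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:  # e.g. EHOSTUNREACH, ENETUNREACH
        return "error:" + errno.errorcode.get(exc.errno, "unknown")
    finally:
        sock.close()

def check_forwards(host, forwards=FORWARDS, timeout=3.0):
    """Probe every public port of the forward table; return {port: outcome}."""
    return {public: probe(host, public, timeout) for public in forwards}

def report(host, forwards=FORWARDS, timeout=3.0):
    """Build one readable line per forward rule."""
    lines = []
    for public, outcome in check_forwards(host, forwards, timeout).items():
        why = MEANING.get(outcome, "unexpected socket error")
        lines.append(f"{host}:{public} -> :{forwards[public]}  {outcome}: {why}")
    return lines

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_forwards.py <public-ip>")
    print("\n".join(report(sys.argv[1])))
```

Run it from the network where the NAS sits, so the probe follows the same path and source address as the backup traffic.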