Smartik
Contributor

Synology ABB failed to connect to vSphere 6 Essentials over WAN

Hello,

We have a customer who has vSphere 6 in version 6.7.0 (Build 8169922), and we want to back up one VM running on it.

We are using Synology Active Backup for Business 2.1.1-1125.

I have successfully added our Free ESXi on the same LAN where our NAS device is located.

Unfortunately, I cannot add the customer's ESXi 6 Essentials. I have read the requirements and limitations, and the necessary ports are opened on the ESXi as well as the port forwarding on the customer's router (MikroTik).

When I try to add this hypervisor, I get an error every time: "Failed to connect to the host [public ip]. Please check the server address, account settings, and your network settings."

I am trying to connect with the root user, so the rights should be fine.

I can also see that packets are hitting the NAT firewall rule (PublicIP:44443 -> LocalIP:443; PublicIP:902 -> LocalIP:902).

So I think that the problem is on the host itself, but I don't know where to find the problem.

Could you help me somehow?

Thank you!

0 Kudos
8 Replies
scott28tt
VMware Employee

So you're trying to connect your backup software or appliance which is on your network to a customer's ESXi host on their network?

When you say "add this hypervisor", I assume you mean the customer's ESXi host - but what are you actually trying to add it to? What UI are you using? (screenshots would be useful)

0 Kudos
Smartik
Contributor

Hello,

Thank you for your reply.

Yes, I am trying to add a customer's ESXi host (on their network) to our Synology Active Backup for Business (on our network).

The goal is to back up the customer's VM over WAN to our Synology NAS. Synology ABB is an app on the NAS, and I manage it using a web browser.

[Attached screenshots: Capture1.JPG, Capture2.JPG, Capture3.JPG, Capture4.JPG, Capture5.JPG]

Once I successfully add the customer's ESXi host, I will see all the VMs and will be able to choose which VM I want to back up.

Something like our Free ESXi on our LAN.

[Attached screenshot: Capture6.JPG]

Here is the list of the customer's firewall rules on that ESXi.

[Attached screenshot: Capture7.JPG]

Thank you.

0 Kudos
Lalegre
Commander

Hey Smartik,

If you connect to your appliance and try to run a telnet over port 44443, are you able to connect?

0 Kudos
Smartik
Contributor

Hello Lalegre,

When I tried telnet <customer's public IP> 44443, no luck.

I have tried it from our LAN but without success.

On the customer's ESXi there is another VM, which has a NAT rule with port 443.

When I tried telnet <customer's public IP> 443 from our LAN, it connected successfully.

Thank you.

0 Kudos
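
An added example, not part of the original thread: a Python equivalent of the telnet test above that probes both forwarded ports from the thread and separates a refused connection from a silently dropped one, which points at different places in the NAT path. The address 192.0.2.10 is a documentation placeholder, and the function names are illustrative.

```python
import socket
import sys

# Port forwards as described in the thread: public port -> port on the ESXi host.
FORWARDS = {44443: 443, 902: 902}

# What each outcome usually means for a NAT/port-forward path.
HINTS = {
    "open": "TCP handshake completed: forward and listener both work",
    "refused": "a device answered with RST: no listener on the target port, or a reject rule",
    "timeout": "no reply: SYN or SYN-ACK dropped (filter rule, wrong target IP, or return route)",
    "unreachable": "name resolution or routing failed before the target was reached",
}

def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "unreachable"

def diagnose(host, forwards=FORWARDS, timeout=3.0):
    """Probe every forwarded public port; return (public, internal, state) tuples."""
    return [(pub, internal, probe(host, pub, timeout))
            for pub, internal in sorted(forwards.items())]

if __name__ == "__main__":
    # 192.0.2.10 is a placeholder; pass the real public IP as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    for pub, internal, state in diagnose(target):
        print(f"{target}:{pub} -> :{internal}  {state:<11} {HINTS[state]}")
```

Running it from the NAS side and again from a host on the customer's LAN (against the ESXi's local IP, with the mapping `{443: 443, 902: 902}`) shows whether the drop happens at the router or on the host.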
Lalegre
Commander

Hey,

So definitely the DNAT rule is not correctly applying or there is an issue there. Make sure that you only have one DNAT rule using port 44443, as if you don't, it will not work.

Also make sure you are allowing your source Public IP from where you are being SNATed to access that Public IP on port 44443.

0 Kudos
Smartik
Contributor

Hello,

DNAT should be fine as I have other ones, which are working fine. I also have only one DNAT rule with port 44443.

Sure, I have allowed our source Public IP, but even without it, it is not working.

Do you have any other ideas about what I am missing or what could be wrong?

Thank you.

0 Kudos
Lalegre
Commander

I do not know how your construction is, to be honest, but the issue you are facing is clearly connectivity and it is getting dropped at some point. Could you give us a quick diagram or explain a little bit more how the traffic flow goes?

0 Kudos
Smartik
Contributor

Hello,

I am sorry for my late response...

Here is a diagram:

[Attached diagram: Smartik_0-1605175425406.png]

I hope it will be somehow useful.

Thank you.

0 Kudos