VMware Cloud Community
perecullera

Network Issue with VC 2.5

Hello,

We have a few ESXi and ESX on our LAN network and everything is working fine.

We also have two servers on our DMZ network and we have the same VC that controls them, but we are facing some connection issues. A few minutes after the connection is established, they are disconnected from VC.

On the other hand, if we connect through VI directly to these servers everything is working fine and we don't lose the connection.

Any idea of what is probably going on?

Our LAN network is 10.95.96.0/20

Our DMZ network is 10.95.93.0/25

The logs of VI and ESX of these servers don't show relevant information:

==> hostd.log <==

Event 2201 : User vpxuser@127.0.0.1 logged in

Task Created : haTask--vim.AuthorizationManager.setEntityPermissions-38414

Task Completed : haTask--vim.AuthorizationManager.setEntityPermissions-38414

: User vpxuser

Event 2202 : User vpxuser@127.0.0.1 logged in

Event 2203 : User vpxuser logged out

..................................

Any idea of what checks I can do?

Thanks for your help


Accepted Solutions
Lightbulb

Check firewall

443 from VC to hosts (I assume 902 is up)

Also from ESX --> VC make sure you are allowing 27000 & 27010

You may need to remove and add your DMZ ESX hosts to VC

perecullera

Hello,

You were right, it's a firewall issue but from our network, connections initiated on the DMZ are not allowed to the LAN.

I've noticed that ESX host is doing some kind of heartbeat or checks through port 902/udp to the VC client and these packets are filtered.

So I guess that VC thinks that the ESX is down but it's not really down.

Anyone know a workaround for this without changing our firewall policy?

Thanks.

Lightbulb

902 UDP is kind of a deal breaker. You need to reconfigure your firewall to allow the traffic from these two ESX hosts. You can make the rule pretty specific (2 hosts, 902 UDP only --> VC server) so as to lessen attack surface.

0 Kudos
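
The scoping suggested in the last reply, as an added example that is not part of the original thread: a small first-match rule model that checks whether a DMZ-to-LAN rule set lets the 902/udp heartbeat through and whether it also opens flows it should not. The host addresses, the `Rule` class and the `audit` helper are assumptions made for illustration; only the two network ranges and the port come from the thread.

```python
import ipaddress
from dataclasses import dataclass

# Constructed placeholders inside the thread's DMZ (10.95.93.0/25) and LAN (10.95.96.0/20).
ESX_HOSTS = ["10.95.93.11", "10.95.93.12"]
VC_SERVER = "10.95.96.10"

@dataclass(frozen=True)
class Rule:
    src: str               # source CIDR
    dst: str               # destination CIDR
    proto: str             # "udp", "tcp" or "any"
    ports: range           # destination ports
    action: str = "allow"

def decide(rules, src, dst, proto, port):
    """First-match evaluation; DMZ-initiated traffic is denied by default."""
    for r in rules:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(r.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(r.dst)
                and r.proto in (proto, "any") and port in r.ports):
            return r.action
    return "deny"

# Flows that a correctly scoped rule must NOT open up.
UNWANTED = [
    ("10.95.93.50", VC_SERVER, "udp", 902),      # another DMZ machine
    (ESX_HOSTS[0], "10.95.96.200", "udp", 902),  # another LAN machine
    (ESX_HOSTS[0], VC_SERVER, "tcp", 902),       # wrong protocol
    (ESX_HOSTS[0], VC_SERVER, "udp", 903),       # wrong port
]

def audit(rules):
    """Return (heartbeat_allowed, list of unwanted flows the rules also allow)."""
    heartbeat = all(decide(rules, h, VC_SERVER, "udp", 902) == "allow" for h in ESX_HOSTS)
    excess = [f for f in UNWANTED if decide(rules, *f) == "allow"]
    return heartbeat, excess

CURRENT = []  # policy described in the thread: nothing initiated in the DMZ reaches the LAN
BROAD = [Rule("10.95.93.0/25", "10.95.96.0/20", "any", range(1, 65536))]
NARROW = [Rule(f"{h}/32", f"{VC_SERVER}/32", "udp", range(902, 903)) for h in ESX_HOSTS]

if __name__ == "__main__":
    for name, rules in (("current", CURRENT), ("broad", BROAD), ("narrow", NARROW)):
        ok, excess = audit(rules)
        print(f"{name:8} heartbeat={'allowed' if ok else 'blocked'} unwanted_flows={len(excess)}")
```

Only the narrow rule set passes the heartbeat without allowing any of the unwanted probe flows.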