This is my first post on this message board, please be a little patient...
I have a number of ESX hosts that are connected to the VI Centre.
Everything seems to work ok. I can use the Web Interface to get a console on virtual machines.
Then, I have assigned a public IP address to the VI Centre. I can connect to
the VI Centre on the public IP address. Everything looks fine, i.e. I can see
the Inventory of Virtual Machines. However, when I try and open a console
I get the message below.
"Cannot connect to the virtual machine.
Cannot connect to host 10.128.49.16: A socket operation was attempted to an unreachable host
Try Again "
10.128.49.16, of course, is not available from the 'outside' interface of the
firewall because it is an 'inside' address.
In other words, I want to make remote consoles available through
the VI Centre's web interface on the firewall's outside interface. I want all
ESX hosts to appear behind the one IP address of the VI Centre. How can this be done?
Also a console connection to a VM is not through VC but directly to the ESX server itself on port 903.
Using VM Remote Console over NATd Network - http://www.vmware.com/community/thread.jspa?threadID=87453&messageID=661225#661225
What TCP/IP ports are used by ESX, VirtualCenter and the License Server?
The ports that are used are very well documented in the Server Configuration guide on pages 183-188: http://www.vmware.com/pdf/vi3_301_201_server_config.pdf
Here's a summary of the core TCP/IP ports:
o Port 80 - HTTP access - The default non-secure TCP Web port typically used in conjunction with port 443 as a front end for access to ESX Server networks from the Web [Incoming TCP]
o Port 443 - HTTPS access - The default SSL Web port used for Connection to VI Web Access from the Web, VI Web Access and third-party network management client connections to the VirtualCenter Server and direct VI Web Access and third-party network management clients access to ESX Server hosts [Incoming TCP]
o Port 902 - Authentication traffic for the ESX Server host and virtual machine configuration - Used for VI Client access to the VirtualCenter Server, VirtualCenter Server access to ESX Server hosts, direct VI Client access to ESX Server hosts and ESX Server host access to other ESX Server hosts for migration and provisioning [Incoming TCP] [Outgoing UDP]
o Port 903 - Remote console traffic generated by user access to virtual machines on a specific ESX Server host - Used for VI Client access to virtual machine consoles and VI Web Access Client access to virtual machine consoles [Incoming TCP]
o Port 2049 - Transactions from your NFS storage devices - Used on the VMkernel interface rather than the service console interface [Incoming TCP] [Outgoing TCP]
o Ports 2050-5000 - Traffic between ESX Server hosts for VMware High Availability (HA) and EMC Autostart Manager [Outgoing TCP] [Incoming UDP] [Outgoing UDP]
o Port 3260 - Transactions from your iSCSI storage devices - Used on the VMkernel interface rather than the service console interface [Outgoing TCP]
o Port 8000 - Incoming requests from VMotion - Used on the VMkernel interface rather than the service console interface [Incoming TCP] [Outgoing TCP]
o Ports 8042-8045 - Traffic between ESX Server hosts for HA and EMC Autostart Manager [Outgoing TCP] [Incoming UDP] [Outgoing UDP]
o Port 27000 - License transactions from ESX Server to the license server - [Outgoing TCP]
o Port 27010 - License transactions from the license server - [Incoming TCP]
Additional optional ports:
o Port 22 - Used by ESX for SSH server access - [Incoming TCP]
o Port 123 - Used by ESX if you set up NTP to sync from a time source - [Outgoing UDP]
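An added example, not part of the original posts: a small audit of a firewall's TCP port-forward table against the port summary above, showing why a single public address cannot carry port 903 for several ESX hosts. The grouping of ports into client-facing and internal-only is a reading of that list, and the forward table, the VirtualCenter address, the extra host addresses and the first-match rule semantics are assumptions made for the example.

```python
# Added example: port roles are read from the port summary in the thread.
CLIENT_TO_VC = {443, 902}    # VI Client / VI Web Access to the VirtualCenter Server
CLIENT_TO_ESX = {903}        # remote console, direct to each ESX Server host
# Storage, VMotion, HA and licensing ports: no role for a remote console user.
INTERNAL_ONLY = ({2049, 3260, 8000, 27000, 27010}
                 | set(range(2050, 5001)) | set(range(8042, 8046)))


def audit(forwards, vc_ip, esx_hosts):
    """Return sorted (finding, inside_ip, inside_port) tuples.

    forwards: list of (public_ip, public_port, inside_ip, inside_port), TCP only.
    Assumption: first match wins, so a later rule that reuses a public
    ip:port for a different inside target never receives traffic.
    This checks forwarding only, not which address the client dials.
    """
    findings, effective = set(), {}
    for pub_ip, pub_port, in_ip, in_port in forwards:
        key = (pub_ip, pub_port)
        if key in effective:
            if effective[key] != (in_ip, in_port):
                findings.add(("shadowed", in_ip, in_port))
            continue
        effective[key] = (in_ip, in_port)
        if in_port in INTERNAL_ONLY:
            findings.add(("internal-exposed", in_ip, in_port))
    reachable = set(effective.values())
    for port in CLIENT_TO_VC:
        if (vc_ip, port) not in reachable:
            findings.add(("vc-port-missing", vc_ip, port))
    for host in esx_hosts:
        for port in CLIENT_TO_ESX:
            if (host, port) not in reachable:
                findings.add(("console-unreachable", host, port))
    return sorted(findings)


# Constructed sample data; only 10.128.49.16 appears in the thread.
VC_IP = "10.128.49.10"
ESX_HOSTS = ["10.128.49.16", "10.128.49.17", "10.128.49.18"]
PUB = "203.0.113.10"
SAMPLE = [
    (PUB, 443, VC_IP, 443),
    (PUB, 902, VC_IP, 902),
    (PUB, 903, "10.128.49.16", 903),
    (PUB, 903, "10.128.49.17", 903),    # same public ip:port, so shadowed
    (PUB, 8000, "10.128.49.16", 8000),  # VMotion port forwarded from outside
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, VC_IP, ESX_HOSTS):
        print(finding)
```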