VMware Cloud Community
witchbutter303
Contributor
Contributor
‎11-15-2016 03:53 PM

vSphere Web Client behind a NAT

My company is being required to NAT traffic by a parent company that owns an internal subnet we use.  It so happens that vCenter Server is on this subnet, therefore to reach vSphere Web Client we will have to use a NAT'd IP.  In vSphere Web Client it appears to try to redirect once I log in and after that fails to work because it is trying to use it's internal IP.  Is there a way to configure vCenter Server to use the NAT IP as a proxy in the "proxy settings" section of the config?  Is there a way in flat files on the vCenter server to specify to allow this NAT? 

So far searching NAT issues related to vCenter only gives results about NATs between ESXi hosts and vCenter server which is not the issue I'm talking about, the issue is how we as admins reach the vCenter server to perform management tasks.

vCenter and all ESXi hosts are 6.0U2

0 Kudos
3 Replies
Madmax01
Expert
Expert
‎11-16-2016 06:19 AM

Hi there,

the main Problem is that Vmware is not Supporting this Configuration.  i opend several times a Ticket on theire Side with same Question.

So vSphere6 is having an own Proxy. so you don't talk with the Webclient directly anymore like before on 5.5.   you talk with the PSC and he redirect it.

i solved this Problem with an seperate Proxy (nginx).  So nginx is having an External IP and an internally IP which talks with vcenter.  so he redirects then correctly.

i have same Setup with 6.0U2.

But it's not supported overally ;(

thx

Max

0 Kudos
witchbutter303
Contributor
Contributor
‎11-16-2016 08:04 AM

If there is an internal proxy in the appliance, there has to be a way to configure it or the product wouldn't work.  Does anyone know how to do this?

0 Kudos
Madmax01
Expert
Expert
‎11-16-2016 09:22 AM

Hi there,

so i just want to point that Vmware don't give any support on that.

Personally from my Sight > i have Windows vCenter in use.

i would suggest you don't touch the configs inside the Appliance or Windows Version.

Possible to break something.

you could easy archive it with external Proxy and keep the vCenter (appliance or Windows)  isolated and untouched


Best regards

Max

0 Kudos