Connecting to two different network on single ESXi (Internal LAN and DMZ)
  • Connecting to two different network on single ESXi (Internal LAN and DMZ)

    Hi All,

    I've got two separate networks: one is our internal LAN and the other is our DMZ (external facing), and I want to connect to both networks to publish a VM to the outside world.

    Internal LAN:
    NIC IP : 10.2.2.12
    SN mask: 255.255.254.0
    gateway: 10.2.2.1

    DMZ IP as of previous configuration:
    NIC IP : 10.2.1.130
    SN mask: 255.255.255.128
    gateway: 10.2.1.129

    The host server has 2 on-board NICs, and at the moment I've successfully registered the ESXi host on my vCenter and done everything else on my LAN network after disconnecting my other NIC connected to the DMZ.

    Is this achievable in the real world, considering both networks have different IP address ranges and subnet masks?

    My understanding is that:

    One vSwitch must have one IP address; after that I can add one pNIC and then create a VM Network and assign that VM Network to the VMs (cmiiw).


    Kind Regards,
    AWT

  • #2
    Re: Connecting to two different network on single ESXi (Internal LAN and DMZ)

    You should use a different vSwitch for each NIC; that's all.


    • #3
      Re: Connecting to two different network on single ESXi (Internal LAN and DMZ)

      Thanks for the reply. However, I've created 2 vSwitches, but somehow I don't know where to configure the IP for the DMZ network?

      See the attached; I've published the Linux VM to the DMZ. This way it is supposed to be secure, as this VM is segregated inside vSwitch1 in the DMZ only.


      • #4
        Re: Connecting to two different network on single ESXi (Internal LAN and DMZ)

        You have to connect vmnic1 to the physical DMZ Network - and add an IP for the Linux VM that you need.

        The IP on the vswitch is only used for management console or VMkernel.
        (And you should not be connecting your Management Network port to the DMZ!)
        Maish
        ----------------------------------------------------------
        Technodrone|@maishsk|Author of VMware vSphere Design
        VMware vExpert 2013-2010,VCAP5-DCA/DCD,VCP
        MSCA 2000/2003, MCSE 2000/2003
        A proud husband and father of 3 girls
        ----------------------------------------------------------
        If you find the information useful please don't forget to give reputation points.

        Have a good one!!


        • #5
          Re: Connecting to two different network on single ESXi (Internal LAN and DMZ)

          ok, sounds great

          Meaning that the VMkernel shouldn't be in vSwitch1 (in the DMZ network).

          Thanks for the reply Maish


          • #6
            Re: Connecting to two different network on single ESXi (Internal LAN and DMZ)

            Correct, the VMkernel should only be used for vMotion/shared storage (which is not needed in your case).
            Maish

            Have a good one!!

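As an added illustration (not code from the thread, from VMware, or from either poster), the following Python check models the design the replies converge on and flags the mistakes discussed: a VMkernel/management port landing on the DMZ vSwitch, a physical NIC shared by both vSwitches, a vSwitch with no uplink, or a management address taken from the DMZ range. The vSwitch names, port group names and the DMZ range 10.2.1.128/25 come from the thread; the topology objects are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import IPv4Interface, IPv4Network
from typing import Dict, List, Optional


@dataclass
class PortGroup:
    name: str
    vmkernel: Optional[IPv4Interface] = None  # set only for VMkernel ports (e.g. vmk0)


@dataclass
class VSwitch:
    name: str
    uplinks: List[str]           # physical NICs (vmnicN) attached to this switch
    portgroups: List[PortGroup]
    dmz: bool = False            # True for the switch whose uplink faces the DMZ


# From the thread: DMZ NIC 10.2.1.130 with mask 255.255.255.128 -> 10.2.1.128/25
DMZ_NET = IPv4Network("10.2.1.128/25")


def check_design(switches: List[VSwitch]) -> List[str]:
    """Return policy violations; an empty list means the layout follows the replies' advice."""
    problems: List[str] = []
    owner: Dict[str, str] = {}  # vmnic -> vSwitch that already uses it
    for sw in switches:
        if not sw.uplinks:
            problems.append(f"{sw.name}: no physical uplink, its VMs cannot reach the network")
        for nic in sw.uplinks:
            if nic in owner:  # post #2: one vSwitch per NIC
                problems.append(f"{nic}: shared by {owner[nic]} and {sw.name}")
            owner[nic] = sw.name
        for pg in sw.portgroups:
            if pg.vmkernel is None:
                continue  # plain VM port group, VMs carry their own addresses
            if sw.dmz:  # posts #4/#6: no VMkernel/management port on the DMZ switch
                problems.append(f"{sw.name}/{pg.name}: VMkernel port {pg.vmkernel} on DMZ switch")
            elif pg.vmkernel.ip in DMZ_NET:
                problems.append(f"{sw.name}/{pg.name}: management IP {pg.vmkernel.ip} is in the DMZ range")
    return problems


# Constructed layout matching the agreed design: LAN on vSwitch0, DMZ VMs on vSwitch1.
GOOD = [
    VSwitch("vSwitch0", ["vmnic0"], [PortGroup("Management Network", IPv4Interface("10.2.2.12/23")),
                                     PortGroup("VM Network")]),
    VSwitch("vSwitch1", ["vmnic1"], [PortGroup("DMZ")], dmz=True),
]
# The mistake behind post #3: giving the DMZ switch "its own IP" creates a VMkernel port in the DMZ.
BAD = [GOOD[0], VSwitch("vSwitch1", ["vmnic1"],
                        [PortGroup("DMZ"), PortGroup("DMZ vmk", IPv4Interface("10.2.1.130/25"))], dmz=True)]
```

Running `check_design(GOOD)` returns no findings, while `check_design(BAD)` reports the VMkernel port on the DMZ switch.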

            • #7
              Re: Connecting to two different network on single ESXi (Internal LAN and DMZ)

              Originally posted by Maish:
              Correct, the VMkernel should only be used for vMotion/shared storage (which is not needed in your case).
              Maish, thanks for the reply and your thorough explanations. Yes, you're right, the 10/H connection is directly attached to the Cisco router port.

              So in this case can I say those VMs (connected to vSwitch1) are secure, as there is no other connection to my internal network? (The ESXi console and VCB backup can use the vStorage API rather than going through the management console.)


              Kind Regards,
              AWT


              • #8
                Re: Connecting to two different network on single ESXi (Internal LAN and DMZ)

                In saying that you cannot get from the VM into the LAN: it all depends on your firewall between these VMs and the internal LAN.

                Secure is as secure as you make it.

                But theoretically your assumptions are correct.
                Maish

                Have a good one!!
