Home / server / Questions / 168142
In Process
virtualeyes
Asked: 2010-08-08 13:55:57 +0800 CST

ESXi :: Management Console on Private IP over VPN

  • 772

I am successfully able to VPN in to our remote network and access vSphere management console over a private IP, thus locking down console management from outside world, nice.

Problem is that vmKernel is not able to get access to NTP time servers since gateway is private.

Now, with a Linux test VM I am able to take a single physical NIC and create 2 virtual NICs, one for private, the other public (gateway on public). Then, adding a static route to the VM for VPN client subnet allows traffic to flow back out of the firewall, works great.

Is it possible to do the same with vmKernel, dedicating a single physical NIC to both private & public traffic, adding static route(s) accordingly? If not, can this be pulled off with 2 physical NICs? (shame to use 2 physical NICs just for console though)

Goal is to lockdown console access from outside world while still allowing vmKernel to get NTP updates and whatever else ESXi needs to remain up-to-date (firewall is an ASA 5505, btw)

Ideas appreciated, am loving the transition from bare metal to virtual ;--)

vpn console vmware-esxi

1 Answers

  1. Two ways to go:

    1. Configure your firewall, so it allows the ESXi server to pull NTP data from the internet, but nothing else
    2. Install an ntp virtual appliance on your ESXi box. Have that appliance get the NTP data from the internet, and your ESXi box its NTP data from the appliance.

    --jeroen

    • 1