Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Virtualiation: Network connection between Virtual Machines (theory applies to both VMWARE & Virtual Server 2005)

Posted on 2007-03-26
Medium Priority
Last Modified: 2012-05-05

I have read up on quite a few posts, but could not find a solid answers which I could really bank on.  For the entire weekend, I have been draw, draw, and redraw my network diagram.  My mind is going in circle and I am hoping someone could help.  I am doing my best to avoid a trip to a psychiatrist <grin>


Current configurations (inbound):

PIX-525 ----> External Cisco Switch1 -----> Internal Cisco Switch2 ---> HOSTs

Scenario 1:

*** NIC1 is connected to External Switch1, NIC2 is connected to Internal SWitch2
- VM1: MS Small Business Server with ISA 2004 (to server as application server)
- VM2: WINXP PRO (as workstation)

*** BOTH NICs are connected to Internal Switch2
- VM1: WINXP PRO (as workstation)
- VM2: WINXP PRO (as workstation)

Scenario 2:

Similar to Scenario 1, but the HOST B VM1 is now a
MS Small Business Server with ISA 2004 (to serve as application server). This VM1 in HOST B now acts as a firewall.


a) I would like for the HOSTS to be on a different subnet.  Example, right now it is assigned to 192.168.1.x range.

b) The host will need to see each other.

c) The VMs need to see each other, but does not need to see the host.

d) The VMs need access to the internet.

e) The HOSTS also need access to the internet.

f) From outside, we also need VPN access to both the host and the VMS.

*** Please suggest the best method to configure this Virtualization network based on the current set-up & purposes.


a) I am sure we are not the first to have this need.  In brief, how are the VMs be able to communicate with each other on a different subnets from the hosts.

b) The reason as to why I created Scenario 2 with the VM1 as the ISA are: Second backup ISA and second backup eMail server (fail over).  Is this not the right way to do it?

c) I saw a post which suggested to let VMs bridge through the server NIC, then remove all services and leave only virtual machines.  But doing so also leave my hosts inaccessible to the internet and other hosts.  Any suggestions?

d) I am thinking of installing another NIC (NIC3) to HOSTA and assigned IP in the same subnet as NIC2 (192.168.1.x).  Then I also assign the same subnet IP to NIC2 on HOSTB (192.168.1.x). Next, I remove all services in the NIC properties and leave only virtual machines access.  Is this one way to do it?

This mean I am having all of the VMs on the same subnet, but they can only see each other and does not have access to the hosts (even on the same subnet).  Am I correct or is this a crazy way to do it?

Thank you very much in advance for your help.
Question by:impire
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2

Author Comment

ID: 18793023
I also would like to add another question to section 3) Other Questions:

3e) If I were to adopt scenario 2, how would I configure the two ISA servers to allow the VMs to communicate with each other.

Please enlight me on the simplest method to configure this network.  My mind is already in a maze.  Thanks very much.
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 18793155
What are you running as your HOST operating system?  Because you can certainly use SBS as the HOST OS, and then just run a single VM on top of that as detailed in this paper:  http://sbsurl.com/vs

Also, what do you mean by "to server as application server" with regards to your SBS with ISA 2004 setup?  SBS is not really an application server... although you can run some apps on it.  

Then my next question is... have you ever installed a virtual server and virtual machine before?  Because from the tone of your question I'm assuming that you haven't and if not, you need to do that as a test... just a single host, running either SBS or Server 2003 Standard and a couple of virtual machines.  Doing this will help you to better understand how virtualization works (including how to use Virtual Network Interfaces if you like -- avoiding that 3 NIC setup you are talking about).

LVL 74

Accepted Solution

Jeffrey Kane - TechSoEasy earned 2000 total points
ID: 18793163
Also... you NEVER want TWO ISA servers on the same network... talk about a nightmare!  


Author Comment

ID: 18793468
Hi Jeff,

Thanks for the quick response.  I am running W2K3 Enteprise with PAE enabled (supports above 4GB RAM).  I would love to use use the SBS as my host but SBS have a limitation of 3GB RAM.  Most of our hosts have a minimum of 6-GB RAM.  Also, the article you sent are for VS, I am using VMWARE. Another guy in our department did the extensive research between the two and they settled on VMWARE.  It's not up to me to choose the Virtualization software.

"to server as application server" was a typo.  I meant "to serve as application server".

Yes, I have installed quite a few VMWare machines.  Networking between the VMs and the Host is never a problem.  However, my questions are related to networking between the VMs residing in different hosts... and on different subnet.  

We do not want the VMs to have access to the hosts, only the hosts can have access to the VMs.  This gets complicated and I've tried searching different forums but found mixed answers.  Perhaps you can point me in the right direction as to make this as simple as simple can be.  Thanks.
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 18821769
SBS does not have a limit of 3GB of RAM, it's 4GB.  Not sure where you heard that.  Also, whether your comment was a typo or not, you cannot use SBS merely as an application server... as my comment stated.

As for one-way TCP/IP access... tht is tricky... because to cut off the round-trip means that sometimes the VM cannot respond to a request which requires a response to continue.  You'll have to define what KIND of access you need from the hosts to the virtual machines because of course you always have a VM Control Panel, but if it needs to be automated, that's another story.  Post a question to that effect and we can discuss.


Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question