External only NAT for Vmware?
Hello and thank you for your time,
I have a host machine with 10 NICs and I am trying to set up a virtual Windows Domain (complete with DC, DNS, Exchange, workstations, etc) and I want it to be completely seperate from the rest of my network. I am having some trouble figuring out how to make this happen.
I have been able to make the VM's talk to eachother and the rest of the corporate network but, I want to cut off access to the corporate network. My initial thought was to set vmnet9 to be bridged directly to one of the NICs (Intel 5) and have that NIC plugged into my external firewall. However, I could not figure out what IP addresses to assign to the virtual network adapter and the physical network adapter. Let's say I want to use 172.16.1.0/24 as my virtual network address space, what IP do I assign to the physical network adapter? What IP do I assign to the firewall port? Keep in mind that there will be multiple VM's on this network, so do I need to setup NAT? If I use vmnet8, then they will have access to the internal network (which is exactly what I don't want).
Any assistance you can provide would be greatly appreciated!
I have a host machine with 10 NICs and I am trying to set up a virtual Windows Domain (complete with DC, DNS, Exchange, workstations, etc) and I want it to be completely seperate from the rest of my network. I am having some trouble figuring out how to make this happen.
I have been able to make the VM's talk to eachother and the rest of the corporate network but, I want to cut off access to the corporate network. My initial thought was to set vmnet9 to be bridged directly to one of the NICs (Intel 5) and have that NIC plugged into my external firewall. However, I could not figure out what IP addresses to assign to the virtual network adapter and the physical network adapter. Let's say I want to use 172.16.1.0/24 as my virtual network address space, what IP do I assign to the physical network adapter? What IP do I assign to the firewall port? Keep in mind that there will be multiple VM's on this network, so do I need to setup NAT? If I use vmnet8, then they will have access to the internal network (which is exactly what I don't want).
Any assistance you can provide would be greatly appreciated!
ASKER
Ok, but how do I configure vmware to use this private network? More importantly, how do i configure the physical NIC?
I will check out Lab Manager and let you know what I find.
I will check out Lab Manager and let you know what I find.
My apologies for any delays in responces, Mondays are hell days here.
What version of ESX you running? VC?
What version of ESX you running? VC?
ASKER
I am running VMware Server 1.0.4 build 56528
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I can't even get one machine to be able to get to the internet. I can't even ping the default gateway.
Here's what I've done so far (which doesn't work, btw) -
On the VM Console: I set VMnet9 bridged to Intel 5. NAT is still set to VMnet8. DHCP is not configured for VMnet9.
On the first VM pc: I set a static IP to 192.168.139.25/24 with gateway 192.168.139.1 (dns 4.2.2.2) Ethernet configuration is set to vmnet9.
On Host: Intel 5 is connected directly to the firewall and has the following IP info: 192.168.139.2/24 gateway: 192.168.139.1 (dns 4.2.2.2)
On Firewall: Cisco ASA port 4 has IP of 192.168.139.1/24
I cannot ping the DG from the VM. What am I doing wrong?
Here's what I've done so far (which doesn't work, btw) -
On the VM Console: I set VMnet9 bridged to Intel 5. NAT is still set to VMnet8. DHCP is not configured for VMnet9.
On the first VM pc: I set a static IP to 192.168.139.25/24 with gateway 192.168.139.1 (dns 4.2.2.2) Ethernet configuration is set to vmnet9.
On Host: Intel 5 is connected directly to the firewall and has the following IP info: 192.168.139.2/24 gateway: 192.168.139.1 (dns 4.2.2.2)
On Firewall: Cisco ASA port 4 has IP of 192.168.139.1/24
I cannot ping the DG from the VM. What am I doing wrong?
ASKER
OK, I made some progress!
I was checking my firewall config and found that the port was disabled, DUH!
I enabled it and can now get out to the internet from my VM. I can't believe I missed that.
I am awarding points because you were willing to help!
I was checking my firewall config and found that the port was disabled, DUH!
I enabled it and can now get out to the internet from my VM. I can't believe I missed that.
I am awarding points because you were willing to help!
ASKER
Thank you!
Thanks :) Sorry I couldnt be more help quicker :)
If you are running managed switches, you could setup your corp network on its own VLan and setup a trunk port to Internet access essentially segmenting the traffic and any broadcasts from the other side of your network.