  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 383
  • Last Modified:

best practice for viclient through a firewall

I am setting up a vSphere 5 test rig with remote access and currently have port 443 sent to my ESX server, which has vCenter Server on it. I have found out that 902 and 903 need port forwarding for the VMs in the viclient console, and as the VMs will be on multiple DHCP and static addresses, how do I forward ports 902 and 903 if the router doesn't like 192.168.1.255, i.e. all the machines?
0

Asked by: IanTh
1 Solution
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
See here for the ports that need forwarding:

http://kb.vmware.com/kb/1012382

Personally, I do not think that the vSphere Client functions very well directly through firewalls, and we set up as follows:

We create a poor man's SSL VPN for some clients as follows:

1. Management VM on the vSphere host; this can be an XP Professional or Windows 2003 Server.
2. Install WinSSHD for free (http://www.bitvise.com/winsshd).
3. If you want to do it the hard way, you can then use PuTTY to SSH to port 443 on your SSH server. You can use Windows Firewall to block all IP addresses on the Internet other than your private management IP address, and also use WinSSHD to limit IP access as well (you can use local Administrator or domain accounts for SSH authentication).
4. Then use RDP via SSH.

So any RDP client can establish a secure encrypted session via the Internet, via port 443 (or any other TCP port).

5. Once you are connected via RDP, launch vSphere Client on the remote host.
6. You can use http://www.bitvise.com/tunnelier-download if you do not want to use PuTTY.

Otherwise, 2X Thin Client Application Server for free (up to 3 users, when registered).
0
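The client side of the RDP-over-SSH arrangement in the answer above, as an added example that is not part of the thread and not code from Bitvise or PuTTY. It assumes placeholder names only: SSH_USER, SSH_HOST (the public address the router forwards TCP 443 to) and MGMT_VM (the management VM's LAN address as the SSH server sees it). The point it adds to the answer is the check that the tunnel's local listener is bound to loopback, so the RDP entrance is reachable from the client machine alone and not from anything else on the client's network.

```shell
#!/bin/sh
# Client side of the "RDP through SSH on port 443" setup described in the
# answer. Added example, not from the thread or from Bitvise/PuTTY.
# Assumed placeholders: SSH_USER, SSH_HOST (the public address the router
# forwards TCP 443 to) and MGMT_VM (the management VM's LAN address as the
# SSH server sees it).

# Accept only a four-part spec "bind:port:target:port" whose bind address is
# loopback, so the tunnel entrance is never reachable from other hosts on the
# client's network (an empty or 0.0.0.0 bind would be, and GatewayPorts on
# the server side could widen it further).
forward_is_loopback() {
    case "$1" in
        127.0.0.1:*:*:*|localhost:*:*:*) return 0 ;;
        *) return 1 ;;
    esac
}

# OpenSSH command for the tunnel: -N opens no shell, -p 443 uses the forwarded
# port, ExitOnForwardFailure makes a failed -L fatal instead of silently
# leaving you with a session and no tunnel.
tunnel_cmd() {            # $1 = forward spec, $2 = SSH_USER, $3 = SSH_HOST
    forward_is_loopback "$1" || return 1
    printf 'ssh -N -p 443 -o ExitOnForwardFailure=yes -L %s %s@%s\n' "$1" "$2" "$3"
}

# Same tunnel with PuTTY's plink for a Windows client (-P is plink's port flag).
plink_cmd() {             # $1 = forward spec, $2 = SSH_USER, $3 = SSH_HOST
    forward_is_loopback "$1" || return 1
    printf 'plink -N -P 443 -L %s %s@%s\n' "$1" "$2" "$3"
}

# RDP client pointed at the tunnel entrance. Local port 3390 rather than 3389
# so it cannot collide with a Remote Desktop listener on the client itself.
rdp_cmd() {               # $1 = "windows" or "unix"
    if [ "$1" = windows ]; then
        printf 'mstsc /v:127.0.0.1:3390\n'
    else
        printf 'xfreerdp /v:127.0.0.1:3390\n'
    fi
}

# Usage (placeholders, not real hosts):
#   tunnel_cmd 127.0.0.1:3390:MGMT_VM:3389 SSH_USER SSH_HOST   # run first, keep open
#   rdp_cmd unix                                               # then in a second terminal
```

Run the tunnel command first and leave it open, then start the RDP client against 127.0.0.1:3390; the only port open on the router stays TCP 443, and the vSphere Client runs on the management VM inside the LAN, so 902 and 903 never need forwarding.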
 
IanTh (Author) commented:
Just waiting for my intended Server 2003 R2 server for vCenter Server to finish Windows Update, and I will try WinSSHD.

One question: if I do it that way, the server is the VPN endpoint, yes? So the router doesn't need to be a VPN router? I think it is, though.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
Correct.
0
 
IanTh (Author) commented:
If the router is VPN, I just have to do it for VPN then, yes?
0
 
IanTh (Author) commented:
According to the features of the router, its VPN can be
PPTP, L2TP, IPSec (ESP Head).
What does ESP Head mean?
Is IPsec the best to use?
0
 
IanTh (Author) commented:
Found out ESP is the way to go. How would I get ESP working if I set up ESP by the vSphere servers and the remote routers for viclient, as it won't need any port forwards for 443, 902 and 903?
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
If you have VPN on the router, yes, use that as the endpoint, and just VPN into your LAN.
0
 
IanTh (Author) commented:
I am seeing my mate, who will be using VPN into my LAN, as I have moved the servers to a different office with a better router, so I am seeing tonight what his router has in its VPN setup.

Anyway, can you tell me how to add another vNIC and use that for the VMs, including the DC, using DHCP without getting onto the LAN, as there is already a DHCP server? I just want the virtual DC to do DHCP for the VMs alone.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
That's another question.
0
 
IanTh (Author) commented:
OK, asking now.
0
 
IanTh (Author) commented:
Done.
0
 
IanTh (Author) commented:
As always.
0