Using NAT between the vCenter Server system and ESXi/ESX hosts (1010652)

Details

Each time you add an ESXi/ESX host to vCenter Server, the IP address of vCenter Server is recorded on the ESXi/ESX host. If the host is behind a NAT and the vCenter Server is on a different network (and thus the address is not accessible due to the NAT), the host disconnects from vCenter Server after about a minute.

For example, the vCenter Server system might be on the main network (10.10.10.0), and a few of the ESXi/ESX hosts might be behind a firewall in the 192.168.5.x network. The hosts cannot reach the main network and thus become disconnected from vCenter Server.

Solution

Using NAT between the vCenter Server system and ESXi/ESX hosts is an unsupported configuration. For more information on network requirements, see the Network Prerequisites section under the Prerequisites for Installing vCenter Single Sign-On, Inventory Service, and vCenter Server section in the vSphere Installation and Setup guide.

Workaround

Note: This workaround is provided to aid customers in complex environments. It is an unsupported configuration. VMware will only provide best effort support for this configuration.

As a workaround, for each ESXi/ESX host you can specify a reachable address that the host can use to communicate back to vCenter Server. In this case, the reachable address is the NAT address, which you configure to redirect the communication back to vCenter Server.

To configure the IP address to use, you can use two settings named serverIp and preserveServerIp. With these settings, you can statically set an IP address, which the ESXi/ESX host will use to communicate back to the vCenter Server.

Note: For ESX 3.5 and VirtualCenter 2.5, Update 3 supports this solution. Install Update 3 before implementing this solution.

  1. Ensure that the NAT device is configured to redirect UDP traffic on port 902 to the vCenter Server.
  2. Add the ESXi/ESX host to the vCenter Server inventory.

    Note: This causes the vCenter agent (vpxa) service to be installed on the host.

  3. Log in to the ESXi/ESX host as root.
  4. Navigate to the /etc/opt/vmware/vpxa/ directory in the ESXi/ESX file system.

    Note: In ESXi 5.x/6.0, navigate to /etc/vmware/vpxa.

  5. Open the vpxa.cfg file using a text editor.
  6. In the file, change the serverIp setting and add the preserveServerIp setting. For the serverIp tag, enter the NAT IP address.

    For example:

    <config>
       <vpxa>
          ...
          <serverIp>NAT_IP_address</serverIp>
          <preserveServerIp>true</preserveServerIp>
       </vpxa>
       ...
    </config>


  7. Save the changes and close the file.
  8. Restart the vCenter agent service by running this command in the ESXi/ESX service console/SSH session:

    For ESX:

    # service vmware-vpxa restart

    For ESXi:

    # services.sh restart

  9. Reconnect the ESXi/ESX host.

Note: Consider this scenario: The ESXi/ESX host and the vCenter Server are behind different NATs, the main subnet is 10.10.10.0, the ESXi/ESX host is behind a firewall in the 192.168.5.x network, and the vCenter Server is behind a firewall in the 172.18.20.x network. If you have the underlying network configured so that the 172.x network knows where to direct traffic from the 192.x network, the configuration might work. However, the general use case for this article is not a double NAT.
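
The following Python 3 check is an added example, not part of the original article or of any VMware tooling. It validates a copy of vpxa.cfg against step 6 of the procedure (well-formed XML, one serverIp equal to the NAT address, preserveServerIp set to true); the function name check_vpxa_cfg and the sample address 192.168.5.1 are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

def check_vpxa_cfg(cfg_text, nat_ip):
    """Return a list of problems in vpxa.cfg text; an empty list means it matches step 6."""
    expected = ipaddress.ip_address(nat_ip)  # raises ValueError on a bad argument
    try:
        root = ET.fromstring(cfg_text)
    except ET.ParseError as exc:
        # XML names are case-sensitive: <serverIp>...</serverIP> fails here.
        return ["not well-formed XML: %s" % exc]
    vpxa = root.find("vpxa") if root.tag == "config" else None
    if vpxa is None:
        return ["no <config><vpxa> section found"]
    problems = []
    entries = vpxa.findall("serverIp")
    if len(entries) != 1:
        problems.append("expected one <serverIp>, found %d" % len(entries))
    else:
        value = (entries[0].text or "").strip()
        try:
            if ipaddress.ip_address(value) != expected:
                problems.append("<serverIp> is %s, expected %s" % (value, expected))
        except ValueError:
            # Catches a placeholder such as NAT_IP_address left in the file.
            problems.append("<serverIp> is not an IP address: %r" % value)
    preserve = vpxa.findtext("preserveServerIp")
    if preserve is None:
        problems.append("<preserveServerIp> is missing")
    elif preserve.strip() != "true":
        problems.append("<preserveServerIp> is %r, expected 'true'" % preserve.strip())
    return problems

# Constructed samples; 192.168.5.1 is a made-up NAT address, not from the article.
TEMPLATE = "<config><vpxa><!-- other settings -->%s</vpxa></config>"
GOOD = TEMPLATE % "<serverIp>192.168.5.1</serverIp><preserveServerIp>true</preserveServerIp>"
BAD_TAG = TEMPLATE % "<serverIp>192.168.5.1</serverIP><preserveServerIp>true</preserveServerIp>"
NO_PRESERVE = TEMPLATE % "<serverIp>192.168.5.1</serverIp>"
PLACEHOLDER = TEMPLATE % "<serverIp>NAT_IP_address</serverIp><preserveServerIp>true</preserveServerIp>"

if __name__ == "__main__":
    for name, text in [("good", GOOD), ("bad tag", BAD_TAG),
                       ("no preserve", NO_PRESERVE), ("placeholder", PLACEHOLDER)]:
        print(name, "->", check_vpxa_cfg(text, "192.168.5.1") or "OK")
```

Running the check before restarting the vCenter agent in step 8 catches a mismatched closing tag or a leftover placeholder while the file is still open for editing.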

Update History

  • 05/25/2010 - Emphasized that using NAT between the vCenter Server system and ESX hosts is an unsupported configuration.
  • 11/28/2011 - Added ESXi 5.x to Products.
  • 01/19/2016 - Added ESXi and vCenter Server 6.0 to Products.
  • 1/6/2017 - Added ESXi and vCenter Server 6.5 to Products.
