Details
Each time you add an ESX host to vCenter Server, the IP address of vCenter Server is recorded on the ESX host. If the ESX host is behind a NAT and the vCenter Server is on a different network (and thus the address is not accessible due to the NAT), the host disconnects from vCenter Server after about a minute.
For example, the vCenter Server system might be on the main network (10.10.10.0), and a few of the ESX hosts might be behind a firewall in the 192.168.5.x network. The hosts cannot reach the main network and thus become disconnected from vCenter Server.
Solution
Using NAT between the vCenter Server system and ESX hosts is an unsupported configuration.
As a workaround, you can specify for each ESX host a reachable address that the host can use to communicate back to vCenter Server. In this case, the reachable address is the NAT address, which you configure to redirect the communication back to vCenter Server.
To configure the IP address to use, you can use two settings called serverIP and preserveServerIp. With these settings, you can statically set an IP address, which the ESX host will use to communicate back to the vCenter Server.
Note: For ESX 3.5 and VirtualCenter 2.5, Update 3 supports this solution. Install Update 3 before implementing this solution.
-
Make sure the NAT device is configured to redirect UDP traffic on port 902 to the vCenter Server.
-
Add the ESX host to the vCenter Server inventory.
Note: This causes the vCenter agent (vpxa) service to be installed on the host.
-
Log into the ESX host as root.
-
Navigate to the /etc/opt/vmware/vpxa/ directory in the ESX file system.
-
Open the vpxa.cfg file in a text editor.
-
In the file, change the serverIp setting and add the preserveServerIp setting. For the serverIP tag, enter the NAT IP address. For example:
<config>
<vpxa>
…
<serverIp>[NAT_IP_address]</serverIP>
<preserveServerIp>true</preserveServerIp>
</vpxa>
…
</config> -
Save the changes.
-
Restart the vCenter agent service by running the following command in the ESX service console:
service vmware-vpxa restart OR /sbin/services.sh restart For ESXi Hosts
-
Reconnect the ESX host.
Note: Consider this scenario: the ESX host and the vCenter Server are behind different NATs, the main subnet is 10.10.10.0, the ESX host is behind a firewall in the 192.168.5.x network, and the vCenter Server is behind a firewall in the 172.18.20.x network. If you have the underlying network configured so that the 172.x network knows where to direct traffic from the 192.x network, the configuration might work. However, the general use case for this article is not a double NAT.
Update History
05/25/2010 – Emphasized that using NAT between the vCenter Server system and ESX hosts is an unsupported configuration.
Request a Product Feature
To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.