Using NAT between the vCenter Server system and ESX hosts

Details

Each time you add an ESX host to vCenter Server, the IP address of vCenter Server is recorded on the ESX host. If the ESX host is behind a NAT and the vCenter Server is on a different network (and thus the address is not accessible due to the NAT), the host disconnects from vCenter Server after about a minute. 

For example, the vCenter Server system might be on the main network (10.10.10.0), and a few of the ESX hosts might be behind a firewall in the 192.168.5.x network. The hosts cannot reach the main network and thus become disconnected from vCenter Server.

Solution

Using NAT between the vCenter Server system and ESX hosts is an unsupported configuration.
As a workaround, you can specify for each ESX host a reachable address that the host can use to communicate back to vCenter Server. In this case, the reachable address is the NAT address, which you configure to redirect the communication back to vCenter Server.
To configure the IP address to use, you can use two settings called serverIp and preserveServerIp. With these settings, you can statically set an IP address that the ESX host uses to communicate back to vCenter Server.
Note: For ESX 3.5 and VirtualCenter 2.5, Update 3 supports this solution. Install Update 3 before implementing this solution.
  1. Make sure the NAT device is configured to redirect UDP traffic on port 902 to the vCenter Server.
  2. Add the ESX host to the vCenter Server inventory. 

    Note: This causes the vCenter agent (vpxa) service to be installed on the host.

  3. Log into the ESX host as root.
  4. Navigate to the /etc/opt/vmware/vpxa/ directory in the ESX file system.
  5. Open the vpxa.cfg file in a text editor.
  6. In the file, change the serverIp setting and add the preserveServerIp setting. For the serverIp tag, enter the NAT IP address. For example: 

    <config>
    <vpxa>

    <serverIp>[NAT_IP_address]</serverIp>
    <preserveServerIp>true</preserveServerIp>
    </vpxa>

    </config>

  7. Save the changes.
  8. Restart the vCenter agent service by running the following command in the ESX service console: 

    service vmware-vpxa restart

    For ESXi hosts, run this command instead:

    /sbin/services.sh restart

  9. Reconnect the ESX host.
Note: Consider this scenario: the ESX host and the vCenter Server are behind different NATs, the main subnet is 10.10.10.0, the ESX host is behind a firewall in the 192.168.5.x network, and the vCenter Server is behind a firewall in the 172.18.20.x network. If you have the underlying network configured so that the 172.x network knows where to direct traffic from the 192.x network, the configuration might work. However, the general use case for this article is not a double NAT.
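
The edit in steps 4 through 7 can be scripted so that it is repeatable and checked before the live file changes. This is an added example, not VMware code: the function name set_vpxa_nat_ip is hypothetical, and it assumes the serverIp element sits on one line of vpxa.cfg as in the example above.

```shell
#!/bin/sh
# Added example; set_vpxa_nat_ip is a hypothetical helper, not a VMware tool.
# Usage: set_vpxa_nat_ip <path to vpxa.cfg> <NAT IPv4 address>
set_vpxa_nat_ip() {
    cfg="$1"; nat_ip="$2"; tmp="$cfg.tmp.$$"
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    # Accept only digits and dots in dotted-quad shape, so nothing
    # unexpected is written into the agent configuration.
    case "$nat_ip" in
        *[!0-9.]*|"") echo "not an IPv4 address: $nat_ip" >&2; return 1 ;;
    esac
    echo "$nat_ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' ||
        { echo "not an IPv4 address: $nat_ip" >&2; return 1; }
    cp -p "$cfg" "$cfg.bak" || return 1      # keep the original for rollback
    awk -v ip="$nat_ip" '
        /<preserveServerIp>/ { next }        # drop any old copy, re-added below
        /<serverIp>/ {
            indent = $0; sub(/[^ \t].*$/, "", indent)
            sub(/<serverIp>[^<]*<\/serverIp>/, "<serverIp>" ip "</serverIp>")
            print
            print indent "<preserveServerIp>true</preserveServerIp>"
            next
        }
        { print }' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Verify the result before touching the live file: each setting must
    # appear exactly once with the expected value.
    if [ "$(grep -c "<serverIp>$nat_ip</serverIp>" "$tmp")" != 1 ] ||
       [ "$(grep -c '<preserveServerIp>true</preserveServerIp>' "$tmp")" != 1 ]; then
        echo "could not update $cfg; file left unchanged" >&2
        rm -f "$tmp"; return 1
    fi
    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$cfg" && rm -f "$tmp"
}
```

Run it as root against /etc/opt/vmware/vpxa/vpxa.cfg with the NAT address, then continue with step 8. The previous file is kept beside it as vpxa.cfg.bak.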

Update History

05/25/2010 – Emphasized that using NAT between the vCenter Server system and ESX hosts is an unsupported configuration.
