VMware vSphere

 View Only

  • 1.  Change IP address on two ESXi hosts from public to private

    Posted Dec 01, 2021 01:27 PM

    Hello everyone!

    I only want to hear if I am right, and I would be happy if you can help me if Im not!

    We have 2 x ESXi 7.0u2 hosts with public IP address at the moment.
    We want to change the public IP addresses to private IP addresses and access the ESXi webinterfaces only with VPN/private IPs.
    We've already changed the IP addresses of the HP iLO hosts successfully.
    Now in the last step we want to change the ESXi IPs.

    I hope that I am right with following steps:

    1. I disconnect the ESXi hosts from vCenter in the ESXi web client
    2. ESXi web client -> Network -> VMKernel-Network -> Change Settings -> Change IPv4 address -> Apply
    3. I hope I dont need to restart the whole ESXi servers. But I think I have to restart the network service.
    4. Change the IP address of the vCenter (how to I need to research now) and eventualy restart the network service.
    5. Add the ESXi machines again to the vCenter

    Following thoughts I have:
    a. We will attach a 2nd hardware-network-card to the network for access to the private network on both machines. Maybe I have to add the Uplink at the virtual switch on the ESXi webinterfaces? (I think I have to)
    b. I have to change the TCP/IP-stack before I apply the changes on the ESXi machines? (between step 2 and 3) - there I have to change the subnetmask and the gateway

    I hope I did not forget something and I would be happy if you answer!

    A wish good week! Kind regards!



  • 2.  RE: Change IP address on two ESXi hosts from public to private

    Posted Dec 02, 2021 01:30 PM

    Hello again!

    I tried it on the ESXi machine which doesnt have production data, without success.

    Our setup:

    We use 2 network ports
    - one for the internet data (is currently in use - public IP address (the webinterface/ESXi and the VMs have public IPs))
    - one new attached with VLAN and VPN (private IP address network)

    Our problem:

    We dont know how to configure the network settings that for
    - the VMs are plugged with public IP address to the internet (LAN-port 0)
    - We only can access the webinterface of ESXi from the private VPN/V-LAN network/LAN-port 1

    We was at the point that the device is running on LAN-port 1 with an private IP address and we was able to access the webinterface from this private IP/VLAN/VPN.
    But then the VMs cant access the internet anymore.
    (we changed the IP address/subnetmask/gateway on the remote console/customize system)

    I would be very happy if someone has ideas/tips/solution for me!

    I wish a good day! Sincerly yours!

    (P.S.: we want that we only can access the ESXi webinterface from the LAN-port 1 which is in a VLAN with VPN. This port is plugged in since yesterday
    And we want that the VMs can access the internet with their public IPs as they do now from the LAN-port 0 which is currently in use)



  • 3.  RE: Change IP address on two ESXi hosts from public to private

    Posted Dec 02, 2021 05:12 PM

    How does the virtual network look like at the moment?
    Please post a screenshot that shows the vSwitch and port groups (consider to gray out the public Management IP address).

    André



  • 4.  RE: Change IP address on two ESXi hosts from public to private

    Posted Dec 03, 2021 07:22 AM

    Here are screenshots.

    Thank you!

    P:S.: When we was at the point that we can access the webinterface from the 2nd NIC-port with VLAN/private IP/VPN, the internet was not working anymore for  the VMs on the other NIC-port. Maybe we was near at the right solution



  • 5.  RE: Change IP address on two ESXi hosts from public to private

    Broadcom Employee
    Posted Dec 03, 2021 08:54 AM

    If you had your ESXi hosts connected to the internet with public IP addresses, I would recommend getting a VMware consultancy partner involved to be honest. This is so far removed from any best practices and so insecure, that you should get an expert to explain how this works.



  • 6.  RE: Change IP address on two ESXi hosts from public to private
    Best Answer

    Posted Dec 03, 2021 05:49 PM

    Ok, let's see whether this works:

    Current configuration:
    1 vSwitch with 2 port groups (Management Network, VM Network)

    • Login to iLO an open the host's console window
    • Login to the ESXi DCUI and change the Management Network settings
      - from vmnic0 > vmnic1
      - IP and DNS settings from public addresses to private (VPN subnet) settings

    At this point you should be able to access the ESXi host's web UI from your VPN subnet, and the VM's are inaccessible from the Internet.

    • Login to the ESXi host's Web UI
    • Create a new vSwitch with a new virtual machine port group (e.g. "Evil-Internet"), and select vmnic0 as its uplink
    • Change the VM's network connections from "VM Network" to "Evil-Internet" for VMs that need to be accessible from the Internet

    New configuration:
    2 vSwitches, One with the Management Network and "internal" VMs on vmnic1, and one for the Internet VM's on vmnic0

    Note: The above steps are just technical steps to change the setup to what you are asking for, and do not take any security concerns into account. I don't know what kind of VMs you have, which need to be accessed from the Internet, but you should think about placing them behind some kind of firewall.

    André



  • 7.  RE: Change IP address on two ESXi hosts from public to private

    Posted Dec 07, 2021 02:51 PM

    Thank you!

    This was the solution and easy! 

    I've tried it on one ESXi without production VMs and it worked.

    Some minutes ago I changed it back because I did not remove the ESXi from the vCenter before.
    Now I'll wait some minutes and I hope that it will work without problems to remove the ESXi in the vCenter webinterface with "Remove from Inventory"

    Thank you again!