VMware vSphere

  • 1.  Networking VMs on a fully Isolated switch

    Posted Mar 23, 2016 05:06 PM

    Hi everyone,

    I'm trying to reproduce the environment of several production servers.  It is critical that these servers are never placed on our production network.  With this in mind I have created a new vSwitch which has no network adapters attached to it.  I have created several port groups which match the VLANs of the production servers such as:

    Server1
    ISO_VLAN5
    IP     192.168.5.10
    SUB    255.255.255.0
    GW     192.168.5.1

    Server2
    ISO_VLAN3
    IP     192.168.3.10
    SUB    255.255.255.0
    GW     192.168.3.1

    These VMs are both on different IP ranges (static IPs) with different gateways in production.  My question is, how can I establish connectivity between these VMs since they are on different IP ranges?  Do I need to use another VM as a gateway of some kind, or is there a way within VMware to network them that I'm not thinking of?

    Thanks.



  • 2.  RE: Networking VMs on a fully Isolated switch
    Best Answer

    Posted Mar 23, 2016 05:24 PM

    What you'll need is a virtual router VM. I'm using pfSense, which is pretty easy to deploy and configure.

    André



  • 3.  RE: Networking VMs on a fully Isolated switch

    Posted Apr 28, 2016 01:33 PM

    Hi Andre,

    I was wondering if you could help me figure out what I'm doing wrong.  Clients on VLAN ISO603 can't ping their gateway or clients on the other VLAN, VLAN ISO605.  Clients on VLAN ISO605 don't appear to have any issue reaching clients on VLAN603 and they are able to ping their own gateway.  Basically, ISO605 is working perfectly, I just need ISO603 to start working the same way.

    Here is how I configured pfSense:

    This is how the vSwitch is configured:

    ISO603 client:

    ISO605 client:

    But what really blows my mind is that I have two Windows 2008 R2 clients which are able to ping clients in ISO605. I have no idea how these are working when they can't ping their own gateway either, and they are not able to ping a Windows 2012 R2 server on ISO603, only Windows 2008 R2:

    Am I missing something obvious?



  • 4.  RE: Networking VMs on a fully Isolated switch

    Posted Apr 28, 2016 06:46 PM

    I currently don't have access to a pfSense installation. Anyway, IIRC the LAN network has some predefined Firewall Rules, and you will need to configure such rules on the additional interfaces too if you want them to be able to communicate. It's strange however that some VMs are able to ping others in the second VLAN. Please double-check that the firewall rules on the pfSense are configured properly, and also check the Windows firewall settings on the VMs, where ICMP (ping) traffic is blocked by default.

    André
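
A toy model of the behaviour described in the reply above, added here as an illustration and not taken from the thread or from pfSense's own code: rules are evaluated on the interface where traffic enters, replies are admitted by state, and an interface with no rules drops every new flow. The addresses and the mapping of VLANs to the LAN and OPT1 interfaces are constructed assumptions, since the thread's screenshots are not available.

```python
from ipaddress import ip_address, ip_network

# Constructed lab layout; which VLAN sits on which interface is an assumption.
INTERFACES = {
    "LAN":  ip_network("192.168.5.0/24"),  # assumed: the working VLAN (ISO605)
    "OPT1": ip_network("192.168.3.0/24"),  # assumed: the added interface (ISO603)
}
ANY = ip_network("0.0.0.0/0")
# Out of the box only LAN carries a pass rule; added interfaces have none.
LAN_DEFAULT = {"LAN": [("pass", INTERFACES["LAN"], ANY)]}

def ingress_interface(src):
    """Return the interface whose subnet contains the source address."""
    for name, net in INTERFACES.items():
        if ip_address(src) in net:
            return name
    raise ValueError(f"{src} is not on a modelled interface")

class Firewall:
    def __init__(self, rules):
        self.rules = rules    # {interface: [(action, src_net, dst_net), ...]}
        self.states = set()   # (src, dst) of flows a pass rule has admitted

    def allows(self, src, dst, reply=False):
        """Replies need a matching state; new flows need a rule on the ingress interface."""
        if reply:
            return (dst, src) in self.states
        for action, src_net, dst_net in self.rules.get(ingress_interface(src), []):
            if ip_address(src) in src_net and ip_address(dst) in dst_net:
                if action == "pass":
                    self.states.add((src, dst))
                return action == "pass"   # first match wins
        return False                      # no rule matched: default deny

    def ping(self, src, dst):
        """An echo request and its reply must both get through."""
        return self.allows(src, dst) and self.allows(dst, src, reply=True)

def with_opt1_rules():
    """LAN default plus pass rules on OPT1 scoped to the two lab subnets."""
    lan, opt1 = INTERFACES["LAN"], INTERFACES["OPT1"]
    return Firewall(dict(LAN_DEFAULT, OPT1=[("pass", opt1, opt1), ("pass", opt1, lan)]))
```

With only the LAN default in place, pings started from the LAN side succeed in both modelled cases while pings started from OPT1 fail, including to OPT1's own gateway address. Scoping the OPT1 rules to the lab subnets keeps the interface from passing traffic to any other destination.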



  • 5.  RE: Networking VMs on a fully Isolated switch

    Posted Mar 31, 2016 06:48 PM

    That's got it, thanks for the solution a.p.!