Cisco Support Community

New Member

Nexus 1000v and DMZ


We currently have Nexus 1000v and some ESX hosts deployed on our internal private network.

We currently have a single ESX host deployed in our DMZ.  Is it possible to manage the ESX Host in the DMZ with the Nexus implementation in our internal private network?

I can’t seem to find any good documentation on how this can be accomplished.  Can someone guide me in the right direction, or refer any good documentation on the subject?



Cisco Employee


I don't think you can achieve this config. 

The ESXi host can have a Host Mgmt VMkernel in the DMZ which would allow for Host to vCenter communication. This is how you would be accessing the host.

The ESXi host can have a Nexus 1000v L3 Control VMkernel in the Internal Private Network. This would allow the host to talk to VSM that resides on the internal network.

However, VSM requires a connection to vCenter to push port-profiles and other information. That information is then pushed from the vCenter to the host.

Because the VSM is in the private network, it can't talk to the vCenter in the DMZ network. Hence, it won't work without routing between DMZ network and Private network in place. 

Additionally, a host can only be managed by one vCenter. So you can't spin up a new vCenter in the private network and have it connected to both.

I drew up a quick diagram, maybe it helps.



New Member

Joe, Thanks for your reply.



Thanks for your reply. To elaborate on the setup I want to accomplish... Presently I have vCenter and VSM in my private network. I have a single ESX host in my DMZ. I want to manage this single ESX host from my VSM/vCenter which are in my private network. And I'm currently using L2 for my VSM to VEM communication.

So do you think I could manage my ESX host from my DMZ, with my current vCenter/VSM setup in my private network without too much risk?

Cisco Employee


If the host IP is on the DMZ network but the vCenter IP is on the private network, the two won't be able to communicate, given that the private network and DMZ network can't talk to each other.