Hello,
I'm configuring vSphere Replication between two sites. They are connected over the internet using two public IP addresses.
At both ends two routers with NAT exist.
Following this KB:
I've NAT opened on Replication Site:
Port 80 TCP from local vSphere Replication appliance to Remote vCenter Server
Port 31031 TCP&UDP from Primary site ESXi host to Remote Site vSphere Replication appliance
Port 44046 TCP&UDP from Primary site ESXi host to Remote Site vSphere Replication appliance
Using vSphere Web Client from local site I (sort of) connected to remote site, inserted public IP address of the vCenter Server of remote site then SSL key warning pop-up appeared, clicked YES to accept keys but then connection fails.
I assume there are other ports to be NAT opened on Replication Site and also incoming ports to be opened on Primary Site...can you give me some hints??
What ports do I have to NAT open at Primary site?? The same ones that I use to connect to remote site??
For ports 31031 and 44046 the KB states that source is ESXi host on primary site. Is this host the one that runs vSphere Replication appliance?? What if, let's say, I vMotion vSphere Replication appliance to another host with a different IP at primary site? How does it cope behind a NAT? I cannot open the same ports (31031 & 44046 for two LAN private IP addresses) towards the internet...
Last question...vCenter at Remote Site runs on port 80, vCenter at Primary Site runs on a custom port (6968) could this be an issue?
Any suggestion is welcome since I'm pretty confused about this topic...
Thank you in advance,
Best Regards.
Paolo
When you are saying the connection fails could you elaborate further? Are there any error messages?
Have you checked the following discussion: https://communities.vmware.com/thread/439170?
Hello,
the error states that remote site might not be available on the network, or that a network problem could occur...
The "Connect to target site to configure replications." operation failed for the entity with the following error message.
Cannot connect to the specified site. The site might not be available on the network or a network configuration problem might exist. Check your connection details and try again.
In the discussion you linked it is suggested to manually edit "/etc/hosts" file in both replication appliances. I did it but nothing changed. I suppose I miss some NAT ports.
Thank you!!
Paolo
I don't think it is about NAT ports because at that specific point in time the source is required to talk to the destination and we are still not using the replication ports.
Probably the source VC's port could become an issue. Can you try if changing the port to 80 will work?
Port 80 unfortunately is currently in use on our public IP address so I've to run vCenter on a custom port.
If it could be useful, I could run vCenter on standard port 80 on internal LAN but NAT-side I've to translate incoming connections from a custom port to port 80 internally.
Thank you!!
Regards,
Paolo
Were you able to resolve your issue? I am also having a similar issue.
Thanks!
I thought it used to be that NAT wasn't supported? I see that's changed now. When we did our implementation we struggled with the same issues. A private connection between sites is all that alleviated the issue. Using a common port like port 80 really doesn't make this an easy task, and that port map is a joke. It really shouldn't be this hard. There are plenty of other products out there with more port requirements than this and much better documentation.