VMware Cloud Community
LennieDH
Enthusiast

vSphere Replication ports behind NAT

Hello,

I'm configuring vSphere Replication between two sites. They are connected over the internet using two public IP addresses.

At both ends two routers with NAT exist.

Following this KB:

Port numbers that must be open for Site Recovery Manager, vSphere Replication, and vCenter Server (1...

I've opened the following NAT ports on the Replication Site:

Port 80 TCP from local vSphere Replication appliance to Remote vCenter Server

Port 31031 TCP&UDP from Primary site ESXi host to Remote Site vSphere Replication appliance

Port 44046 TCP&UDP from Primary site ESXi host to Remote Site vSphere Replication appliance

Using the vSphere Web Client from the local site I (sort of) connected to the remote site: I entered the public IP address of the remote site's vCenter Server, then an SSL key warning pop-up appeared. I clicked YES to accept the keys, but then the connection failed.


I assume there are other ports to be NAT opened on the Replication Site and also incoming ports to be opened on the Primary Site... Can you give me some hints?

What ports do I have to NAT open at the Primary site? The same ones that I use to connect to the remote site?

For ports 31031 and 44046 the KB states that the source is the ESXi host on the primary site. Is this host the one that runs the vSphere Replication appliance? What if, let's say, I vMotion the vSphere Replication appliance to another host with a different IP at the primary site? How does it cope behind a NAT? I cannot open the same ports (31031 & 44046 for two LAN private IP addresses) towards the internet...


Last question: vCenter at the Remote Site runs on port 80, while vCenter at the Primary Site runs on a custom port (6968). Could this be an issue?

Any suggestion is welcome since I'm pretty confused about this topic...

Thank you in advance,

Best Regards.


Paolo

If you find this information useful please mark it as "Helpful" or "Correct".
0 Kudos
7 Replies
mmarinov
VMware Employee

When you are saying the connection fails could you elaborate further? Are there any error messages?

Have you checked the following discussion: https://communities.vmware.com/thread/439170?

Martin Marinov, VMware Software Engineer. If you found this or any other answer useful, please consider using the Helpful or Correct buttons to award points.
0 Kudos
LennieDH
Enthusiast

Hello,

The error states that the remote site might not be available on the network, or that a network problem could occur...

The "Connect to target site to configure replications." operation failed for the entity with the following error message.

Cannot connect to the specified site. The site might not be available on the network or a network configuration problem might exist. Check your connection details and try again.

In the discussion you linked it is suggested to manually edit the "/etc/hosts" file in both replication appliances. I did it but nothing changed. I suppose I am missing some NAT ports.

Thank you!!

Paolo

If you find this information useful please mark it as "Helpful" or "Correct".
0 Kudos
mmarinov
VMware Employee

I don't think it is about NAT ports because at that specific point in time the source is required to talk to the destination and we are still not using the replication ports.

Probably the source VC's port could become an issue. Can you try if changing the port to 80 will work?

Martin Marinov, VMware Software Engineer. If you found this or any other answer useful, please consider using the Helpful or Correct buttons to award points.
0 Kudos
LennieDH
Enthusiast

Port 80 unfortunately is currently in use on our public IP address, so I have to run vCenter on a custom port.

If it would be useful, I could run vCenter on standard port 80 on the internal LAN, but on the NAT side I have to translate incoming connections from a custom port to port 80 internally.

Thank you!!

Regards,

Paolo

If you find this information useful please mark it as "Helpful" or "Correct".
0 Kudos
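The constraint raised in the question (one public IP, protocol and port can be forwarded to only one internal address) and the custom-port translation proposed in this post can both be checked on a planned forward table before any router is changed. This is an added example, not code from the thread or from VMware; the `Forward`, `expand` and `lint` names, the site labels and all IP addresses (documentation ranges) are constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple


class Forward(NamedTuple):
    site: str           # router that holds the rule (hypothetical label)
    public_ip: str
    proto: str          # "tcp" or "udp"
    public_port: int
    internal_ip: str
    internal_port: int


def expand(site, public_ip, protos, public_port, internal_ip, internal_port=None):
    """One rule per protocol; the internal port defaults to the public port."""
    return [Forward(site, public_ip, p, public_port, internal_ip,
                    internal_port or public_port) for p in protos]


def lint(rules):
    """Return (conflicts, translated) for a planned port-forward table.

    conflicts:  public (site, ip, proto, port) tuples claimed by more than
                one internal endpoint, which a router cannot honour.
    translated: rules whose public port differs from the internal port, so
                the peer must be given the public port, not the internal one.
    """
    targets = defaultdict(set)
    for r in rules:
        key = (r.site, r.public_ip, r.proto, r.public_port)
        targets[key].add((r.internal_ip, r.internal_port))
    conflicts = {k: sorted(v) for k, v in targets.items() if len(v) > 1}
    translated = [r for r in rules if r.public_port != r.internal_port]
    return conflicts, translated


# Constructed plan using the ports named in the thread.
PLAN = (
    expand("remote", "203.0.113.10", ["tcp"], 80, "10.2.0.5")
    + expand("remote", "203.0.113.10", ["tcp", "udp"], 31031, "10.2.0.20")
    + expand("remote", "203.0.113.10", ["tcp", "udp"], 44046, "10.2.0.20")
    + expand("primary", "198.51.100.7", ["tcp"], 6968, "10.1.0.5", 80)
    # The case the question worries about: one public port, two LAN hosts.
    + expand("primary", "198.51.100.7", ["tcp"], 31031, "10.1.0.11")
    + expand("primary", "198.51.100.7", ["tcp"], 31031, "10.1.0.12")
)

if __name__ == "__main__":
    conflicts, translated = lint(PLAN)
    for key, endpoints in conflicts.items():
        print("CONFLICT", key, "->", endpoints)
    for r in translated:
        print("TRANSLATED", r.site, r.public_port, "->", r.internal_ip, r.internal_port)
```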
alexfertmann
Contributor

Were you able to resolve your issue? I am also having a similar issue.

Thanks!

0 Kudos
mikkokor
Contributor

Were you able to resolve your issue? I am also having a similar issue.

Thanks!

0 Kudos
blabarbera
Enthusiast

I thought it used to be that NAT wasn't supported? I see that's changed now. When we did our implementation we struggled with the same issues. A private connection between sites is all that alleviated the issue. Using a common port like port 80 really doesn't make this an easy task, and that port map is a joke. It really shouldn't be this hard. There are plenty of other products out there with more port requirements than this and much better documentation.

0 Kudos