0

I have a samll lab I can practice on. I have a Dell PowerEdge R710 with ESXi 5.5 installed on it. I have a Dell Juniper JSRX210 H and a management laptop. I also have the Internet connection (I simply connect cable "to the wall").

I want to configure my simple lab to be able to access ESXi through the Internet. Heres my topology I got so far:

enter image description here

Heres what I did to get it work:

  1. Installed ESXi on Dell PowerEdge
  2. Connected ge0/0 to the wall (Internet) and configured ge0/0 as DHCP client
  3. Connected a management laptop and ESXi to the Juniper

Now I can:

  1. ping from ESXi to 192.168.1.1
  2. ping from ESXi to 192.168.1.2
  3. ping from ESXi to google.com
  4. ping from management laptop to ESXi, google.com and 192.168.1.1
  5. access ESxi from the management laptop using vSphere Client (login: root, IP: 192.168.1.3)

I would like to do the same from my computer at work (this is my home lab). I would like to simply pass 192.168.1.3 and connect to ESXi through the Internet. But I know its not possible, cause 192.168.1.3 is the private address .... I thought about configuring NAT (is that the right way to do this?) but I dont know how can I obtain a public IP address which I could translate to private address to get 192.168.1.3 ..

How can I do this? How should I configure Juniper to do this? Is NAT the right way? Or maybe I need a port-forwarding?

I would like to have something like this:

enter image description here

Simple answers very appreciated, Im a newbie to networking and virtualization :)

Community
  • 1
yak
  • 113
  • 1
  • 2
  • 10

1 Answers1

3

This belongs on Superuser, not Serverfault.

But regardless, you'd configure the SRX to do a static NAT from it's WAN interface to the internal 192.168.1.3. Then setup a policy to allow traffic across that NAT. I wouldn't allow just any source IP, but at a minimum lock it down to your WAN IP at work.

You can follow Juniper's KB here to get you going: http://kb.juniper.net/InfoCenter/index?page=content&id=KB21892

TheCleaner
  • 32,627
  • 26
  • 132
  • 191
  • How can I obtain an IP address of junipers WAN interface? So I should do a one-to-one translation? I mean, translate IP of my work PC to the IP of the junipers WAN interface? – yak Nov 26 '13 at 20:35
  • 1
    It'll be a static NAT of your WAN interface to the esxi server. The SRX cli/gui will have the WAN IP on the WAN IF. Yes, it will be "one to one", that's what a static nat is. The alternative is a destination NAT, but you don't need/want to go that route. Your existing work WAN IP is what's needed if you want a locked down policy. Honestly though, this isn't the place for asking such basic questions. If you don't know how the SRX's work, you should look at some training vids on youtube. The KB article I linked has a link to setting up static NAT on the SRX line. – TheCleaner Nov 26 '13 at 20:42
  • 1
    Also, for simple setup, you can always use logmein or similar on the "management laptop" you've setup and remote into that from your work PC. Just offering up simple alternatives. But if it were me, I'd learn the SRX...you'll be glad you did. – TheCleaner Nov 26 '13 at 20:44
  • Couldn't find anything on YouTube about configuring SRX ... Thanks, I will learn SRX, I know I wont regret :d networking in general is really interesting and addictive. Many thanks! – yak Nov 26 '13 at 20:49