This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

How to allow VMware Workstation created VM's to work on physical PA-820?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to allow VMware Workstation created VM's to work on physical PA-820?

R.Tryba
L1 Bithead

‎07-05-2022 12:22 PM - edited ‎07-05-2022 12:24 PM

Hi,

My home setup includes PC with multiple NIC's and a VMware Workstation that has my virtual lab (Windows domain controller, 5 ESXi  7 hosts, VCSA and some other stuff) This is licenced via VMUG programme.

My main PC goes through one of NIC's direct to PA-820, VMWorkstation is 'bridged' to one of other NIC's I have. Separate subnets.

 

Have created new zone, NAT and security policy to allow all traffic from VMware-assigned PA-820 NIC/zone to 'any' zone - to get any input data. Have applied management profile that allows ping to zone.

 

Problem: I cannot make VCSA to connect to Internet. All traffic I can see is that from IP address that is assigned to 'bridged' NIC on main PC to IP assigned to PA's interface.

Tried amending NAT policy to include PA's address (IP_VMUG_Router) in NAT policy, it does not work with and without that.20220705-PA_NAT.JPG

Security policy looks like that (Speedy is my main PC's zone):

20220705-PA_secpolicy.JPG

IP's are: 

192.168.172.71 - DHCP assigned IP to physical NIC 'bridged' to VMWorkstation network segment.

192.168.172.1 - IP of PA-820's interface for that zone

192.168.100.x - main PC's subnet.

 

I can ping from main PC to all IP's used in VMUG zone.

I can ping from VM's in VMUG zone to PA's NIC IP.

I cannot ping from any VM to anything outside of VMUG zone, neither on Speedy or Internet.

 

 

Where do I go wrong? I wonder if my main PC understands that one of NIC's has IP from 192.168.172.x subnet and pings direct to NIC? I can see ping traffic on PA from 192.168.172.71 to 192.168.172.1 only..

 

Regards
Rob T.
0 Likes Likes
1 REPLY 1

BPry
Cyber Elite
Cyber Elite

‎07-05-2022 05:06 PM

@R.Tryba,

Sounds like you have a routing issue. I'd verify on your PC that your route table is actually setup how you wish to route traffic, along with verifying that you have the virtual router routes setup properly. 

0 Likes Likes
  • 1723 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks