![\"\"](\"http:\/\/www.zoyinc.com\/wp-content\/uploads\/2018\/10\/VLAN2Ethernet11.jpg\")
<\/p>\n<\/p>\n
I had a Windows 10 VM, running inside VMware ESXi 6.0, which I needed to connect to the laptop as shown in the above diagram. In addition I needed both the laptop and VM to be on an isolated LAN which meant neither the VM nor laptop to should be able to access the internet or our LAN – or indeed anything else.<\/p>\n
Typically the situation to this problem would be to have two physical NICs, N<\/strong>etwork I<\/strong>nterface C<\/strong>ard, on the ESX server with one NIC connected to the LAN for ESX management and the other NIC connected to the laptop via a dedicated switch. However in my case I was going to have trouble actually plugging in another network card, as ESX was running on a small form fact PC – Lenovo M58P. In addition the ESX serverwas in the garage where it was going to be difficult to run another network cable to it.<\/p>\n The solution was to connect the VM to a VLAN, inside ESX, and connect this to my SonicWall. This is the same way that I connected my web server to the internet – see my post: Public facing web server on SonicWALL VLAN<\/a><\/p>\n In this case I could not use the DMZ zone because I didn’t want either the VM nor the laptop to have internet access plus I didn’t actually want it in the DMZ as this exists for the like of public web servers that might be the subject of an attack.<\/p>\n Within ESX I created a “Port Group” which I called “HomeRun” and configured it to use VLAN ID 15: Next step was on the SonicWall where I create a new zone, under “Network | Zones”, as follows:<\/p>\n Next I created a “Virtual Interface” on the X0 interface in SonicWall. Remember that the X0 interface is the primary LAN interface and also where our switch connects to the SonicWall. So from “Network | Interfaces” select:<\/p>\n Then set this up thus:<\/p>\n Now we have to configure the X4 interface, where the laptop is plugged in, to connect to see the VM. So in “Network | Interfaces” edit the X4 interface to be:<\/p>\n It is important to understand how things are routed. The current setup has<\/p>\n The VM has the following config:<\/p>\n The laptop is configured:<\/p>\n As you know that the VM is on the “X0:V15” interface under X0 and it has an IP of “192.168.213.1”<\/p>\n The laptop is on the X4 interface which has an IP of “192.168.211.1”.<\/p>\n The important thing here is the configuration of the gateway for the VM and the laptop so that the packets for the other end are directed through the appropriate gateway<\/p>\n Obviously it is vital that both the “X0:V15” and “X4” interfaces are on the same zone – in this case “Test”<\/p>\n During this exercise I had a lot of challenges. Frequently my diagnostic methods didn’t always go to plan. Typically I would try to ping something, like the laptop and it would fail. I would assume that the problem was my SonicWall setup but in actual fact it was because the Windows firewall on the laptop, thinking it was in a public area, would drop all pings.<\/p>\n For for both the VM and the laptop I turned off the firewall while I was doing the setup and diagnostics – you may<\/strong> want to enable the firewalls when finished ?<\/p>\n Likewise I would try to ping the gateway in the Sonicwall and the ping would not return. However the problem was that the interface in SonicWall did not have “ping” enabled:<\/p>\n <\/p>\n I have tested the above configuration and from the VM I can RDP to the laptop and from the laptop I can RDP to the VM.<\/p>\n","protected":false},"excerpt":{"rendered":" I had a Windows 10 VM, running inside VMware ESXi 6.0, which I needed to connect to the laptop as shown in the above diagram. In addition I needed both the laptop and VM to be on an isolated LAN which meant neither the VM nor laptop to should be able to access the internet […]<\/p>\n","protected":false},"author":2,"featured_media":3322,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[124,58,345],"tags":[343,342,352,458,459,346,353,372,308],"class_list":["post-3301","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-esxi","category-how-to","category-sonicwall","tag-esx","tag-esxi","tag-firewall","tag-interface","tag-networking","tag-sonicwall","tag-vlan","tag-vm","tag-vmware"],"_links":{"self":[{"href":"http:\/\/www.zoyinc.com\/index.php?rest_route=\/wp\/v2\/posts\/3301","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.zoyinc.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.zoyinc.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.zoyinc.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/www.zoyinc.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3301"}],"version-history":[{"count":13,"href":"http:\/\/www.zoyinc.com\/index.php?rest_route=\/wp\/v2\/posts\/3301\/revisions"}],"predecessor-version":[{"id":3325,"href":"http:\/\/www.zoyinc.com\/index.php?rest_route=\/wp\/v2\/posts\/3301\/revisions\/3325"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/www.zoyinc.com\/index.php?rest_route=\/wp\/v2\/media\/3322"}],"wp:attachment":[{"href":"http:\/\/www.zoyinc.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3301"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.zoyinc.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3301"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.zoyinc.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3301"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}What I did<\/h2>\n
![\"\"](\"http:\/\/www.zoyinc.com\/wp-content\/uploads\/2018\/10\/VLAN2Ethernet03.jpg\")
<\/a>I setup the NIC for the VM to connect to the “HomeRun” ESX network:<\/p>\n![\"\"](\"http:\/\/www.zoyinc.com\/wp-content\/uploads\/2018\/10\/VLAN2Ethernet02.jpg\")
<\/a>ESX has a “Management Network” port group, which is somewhat like a virtual interface. This is what the ESX vSphere client connects to or from ESX v6. 5 and above this is where you point your browser to in order to manage ESX:![\"\"](\"http:\/\/www.zoyinc.com\/wp-content\/uploads\/2018\/10\/VLAN2Ethernet06.jpg\")
<\/a>By putting our VM on a VLAN it means that it’s network traffic is isolated from the LAN – VLAN = “V<\/strong>irtual” LAN. So in our case this means that our VM is on one LAN and ESX management is on another LAN but all done with one single NIC on the ESX host. Works great, but leaves us with the challenge of connecting the VLAN\/VM to a physical isolated Ethernet port on the SonicWall.<\/p>\n![\"\"](\"http:\/\/www.zoyinc.com\/wp-content\/uploads\/2018\/10\/VLAN2Ethernet05.jpg\")
<\/p>\n![\"\"](\"http:\/\/www.zoyinc.com\/wp-content\/uploads\/2018\/10\/VLAN2Ethernet07.jpg\")
<\/p>\n![\"\"](\"http:\/\/www.zoyinc.com\/wp-content\/uploads\/2018\/10\/VLAN2Ethernet09.jpg\")
<\/p>\n![\"\"](\"http:\/\/www.zoyinc.com\/wp-content\/uploads\/2018\/10\/VLAN2Ethernet10.jpg\")
<\/p>\nRouting<\/h2>\n
Windows IP Configuration\r\n\r\nHost Name . . . . . . . . . . . . : Win10A\r\nPrimary Dns Suffix . . . . . . . :\r\nNode Type . . . . . . . . . . . . : Hybrid\r\nIP Routing Enabled. . . . . . . . : No\r\nWINS Proxy Enabled. . . . . . . . : No\r\n\r\nEthernet adapter Ethernet0:\r\n\r\nConnection-specific DNS Suffix . :\r\nDescription . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection\r\nPhysical Address. . . . . . . . . : 00-0C-29-12-EA-11\r\nDHCP Enabled. . . . . . . . . . . : No\r\nAutoconfiguration Enabled . . . . : Yes\r\nLink-local IPv6 Address . . . . . : fe80::74dd:5518:4469:1771%5(Preferred)\r\nIPv4 Address. . . . . . . . . . . : 192.168.213.66(Preferred)\r\nSubnet Mask . . . . . . . . . . . : 255.255.255.0\r\nDefault Gateway . . . . . . . . . : 192.168.213.1<\/span>\r\nDHCPv6 IAID . . . . . . . . . . . : 100666409\r\nDHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-2E-B6-97-00-0C-29-12-EA-11\r\nDNS Servers . . . . . . . . . . . : 8.8.8.8\r\nNetBIOS over Tcpip. . . . . . . . : Enabled<\/pre>\nWindows IP Configuration\r\n\r\nHost Name . . . . . . . . . . . . : Finn\r\nPrimary Dns Suffix . . . . . . . :\r\nNode Type . . . . . . . . . . . . : Hybrid\r\nIP Routing Enabled. . . . . . . . : No\r\nWINS Proxy Enabled. . . . . . . . : No\r\n\r\nEthernet adapter Ethernet:\r\n\r\nConnection-specific DNS Suffix . :\r\nDescription . . . . . . . . . . . : Intel(R) 82567LM Gigabit Network Connection\r\nPhysical Address. . . . . . . . . : 78-E7-D1-AF-EB-33\r\nDHCP Enabled. . . . . . . . . . . : No\r\nAutoconfiguration Enabled . . . . : Yes\r\nLink-local IPv6 Address . . . . . : fe80::7183:b94c:318c:d324%4(Preferred)\r\nIPv4 Address. . . . . . . . . . . : 192.168.211.44(Preferred)\r\nSubnet Mask . . . . . . . . . . . : 255.255.255.0\r\nDefault Gateway . . . . . . . . . : 192.168.211.1<\/span>\r\nDHCPv6 IAID . . . . . . . . . . . : 58255313\r\nDHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-2B-1D-4F-78-E7-D1-AF-EB-33\r\nDNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1\r\nfec0:0:0:ffff::2%1\r\nfec0:0:0:ffff::3%1\r\nNetBIOS over Tcpip. . . . . . . . : Enabled<\/pre>\nChallenges and things to watch out for<\/h2>\n
![\"\"](\"http:\/\/www.zoyinc.com\/wp-content\/uploads\/2018\/10\/VLAN2Ethernet04.jpg\")
<\/p>\nTesting of the complete solution<\/h2>\n