Host-based backup of VMware vSphere VMs.
Post Reply
matteu
Veeam Legend
Posts: 822
Liked: 128 times
Joined: May 11, 2018 8:42 am
Contact:

understand virtual lab route

Post by matteu »

Hello,

I would like to understand if it's normal I can't join my masquerade IP from my client computer if I add route without doing any modification on my firewall ?

I have different VLAN :
1 for my client computer
1 for my Veeam + proxy gw + some servers
1 for my servers

It's working without any modification on my firewall from my veeam vlan. I just need to add static ip route.
It's not working from my client computer or server vlan

Is it normal ?
How do you manage it ?
Regnor
VeeaMVP
Posts: 1007
Liked: 314 times
Joined: Jan 31, 2011 11:17 am
Full Name: Max
Contact:

Re: understand virtual lab route

Post by Regnor »

You can only use static routes on your client/device, if it's in the same network as the virutal lab proxy appliance.
If your client is in a different network, a static route won't work as your default gateway is used to reach a different subnet/VLAN.
In your case it's your firewall and as long as this one doesn't know how to route the masquerade network, it will just drop the traffic.

So you either need to implement additional routes there, or implement static mapping in your virtual lab with production IPs.
https://helpcenter.veeam.com/docs/backu ... ml?ver=110
Andreas Neufert
VP, Product Management
Posts: 7081
Liked: 1511 times
Joined: May 04, 2011 8:36 am
Full Name: Andreas Neufert
Location: Germany
Contact:

Re: understand virtual lab route

Post by Andreas Neufert »

Best way, just add the same route (to the masquerade network) that you implement on your Veeam Server network on your router (firewall).
matteu
Veeam Legend
Posts: 822
Liked: 128 times
Joined: May 11, 2018 8:42 am
Contact:

Re: understand virtual lab route

Post by matteu »

Thanks for both answer here :)

If I add route on my firewall, that mean my production VM could eventually communicate with my isolated VM right ?
vlab -> external is blocked by proxy gateway
external -> vlab is not blocked.

This can cause several issue if DC in production talk with DC in vlab. That mean I need to route the masquerade network on my firewall but I also need to allow only source network from my client IP or VLAN right ?
Andreas Neufert
VP, Product Management
Posts: 7081
Liked: 1511 times
Joined: May 04, 2011 8:36 am
Full Name: Andreas Neufert
Location: Germany
Contact:

Re: understand virtual lab route

Post by Andreas Neufert »

No, the vlab environment is only reachable through the masquerade IP address and the vlab can only answer to requests initiated from the outside.

If you are worried you can add the same route entries maybe only at the systems that should be able to communicate with the vlab.
matteu
Veeam Legend
Posts: 822
Liked: 128 times
Joined: May 11, 2018 8:42 am
Contact:

Re: understand virtual lab route

Post by matteu »

Thanks for the answer :)

I understand better how it work know :)
Post Reply

Who is online

Users browsing this forum: EricinIT, Semrush [Bot] and 34 guests