We have 2 physical servers in a datacenter. Hyper-V is enabled on both. We have several VMs setup on each server for various purposes: mail server, web server, file server, and various specialty purposes. The VMs are all on the same subnet (10.10.100.x) as the two host servers. We also have a Cisco ASA firewall in the datacenter to control inbound activity and route traffic to the appropriate VM. We now need to setup a small VM environment for a single client consisting of a Server 2019 and several Win 10 VMs. I created a NAT network using powershell to setup a separate subnet (10.10.101.x) on the Host server.
New-VMSwitch -SwitchName “xx_Int_SW101” -SwitchType Internal
Get-VMSwitch
Get-NetAdapter
New-NetIPAddress -IPAddress 10.10.101.1 -PrefixLength 24 -InterfaceIndex 79
New-NetNat -Name xx_Network -InternalIPInterfaceAddressPrefix 10.10.101.0/24
We also setup a VLan 101 on the Cisco to match the 10.10.100.x subnet with rules to block traffic between the 100 and 101 subnets. The problem is that this results in the host server having both 100 and 101 addresses and some traffic passes through from VMs on the 101 subnet to VMs on the 100 subnet without ever getting to the Cisco.
Ethernet adapter Ethernet 3:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::9540:2b88:2183:730f%31
IPv4 Address. . . . . . . . . . . : 10.10.101.21
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.101.1
C:UsersScomage>tracert 10.10.100.13
Tracing route to 10.10.100.13 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms SCOMAGE-LW02 [10.10.101.1]
2 1 ms <1 ms <1 ms 10.10.100.13
Trace complete.
I can’t figure out how to keep the 101 subnet from seeing VMs on 100. Any ideas will be greatly appreciated.
