Server Management - Remote Server Management
1748045 Members
5009 Online
108757 Solutions
New Discussion юеВ

ILO remote cosole throught firewall

 
John Goutbeck
Occasional Contributor

ILO remote cosole throught firewall

Hello;

I have a ML350 G5, ILO2 FW:1.61

I can login to the ILO2 and start a remote console from the private LAN with IE and FF.
I can login to the ILO2 through a firewall, and start a remote console, the java starts, status bar states "Applet com.hp.ilo2.remcons.remcons started" and the java screen states "java.net.ConnectionExection: Connection timed out: connect", but no remote console screen.

Does the java for remote console connect a different way on different ports?

How do you make this work through a NAT firewall?
hello
9 REPLIES 9
Jimmy Vance
HPE Pro

Re: ILO remote cosole throught firewall

When in the web interfasce, click the Adminstration tab, under Settings click on access. This will show you all the ports used by the various features of iLO2.

Instead of opening ports on the firewall, I normally have a system inside the firewall I can ssh into and tunnel all the iLO ports through the ssh session.

No support by private messages. Please ask the forum! 
John Goutbeck
Occasional Contributor

Re: ILO remote cosole throught firewall

Thank you;

This doesn't answer my question. I have open up all ports (TCP and UDP, 1024-65535) and still the Remote Console with java still come back with no display and the "java.net.ConnectionExection: Connection timed out: connect"

So which port or service do I look at to enable this? The choices are:
Terminal Services Port:
Virtual Media Port:
Shared Remote Console Port:
Console Replay Port:
Raw Serial Data Port:

Yes I can control a PC inside the private LAN and then Remote Control the ILO2, but I need the capability to this directly through the firewall.

Thank you.
hello
KarloChacon
Honored Contributor

Re: ILO remote cosole throught firewall

hi John

check this advisory

I think could help you

Integrated Lights-Out 2 (iLO 2) Remote Console and Virtual Media Applets May Not Operate as Expected When Accessed With Java Runtime Environment (JRE) Version 1.5.x or Version 1.6.x

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01075687тМй=en&cc=us&taskId=101&prodSeriesId=1146658&prodTypeId=18964

try and let us know

bye
Didn't your momma teach you to say thanks!
John Goutbeck
Occasional Contributor

Re: ILO remote cosole throught firewall

Thank you for the information. The HP TID did not exactly fit the description of the issue I am having. And did not list the ports to open through a firewall.

I still have the issue.

WHAT PORTS NEED TO OPENED IN A FIREWALL?

hello
KarloChacon
Honored Contributor

Re: ILO remote cosole throught firewall

the port indicating in the value you wrote before

Virtual Media Port: "port that is here"

bye
Didn't your momma teach you to say thanks!
Jimmy Vance
HPE Pro

Re: ILO remote cosole throught firewall


"When in the web interface, click the Adminstration tab, under Settings click on access. This will show you all the ports used by the various features of iLO2"


Remote Console/Telnet Port: 23
No support by private messages. Please ask the forum! 
Emilio Damian
New Member

Re: ILO remote cosole throught firewall

I am also having the same problem on one of our client. I can access the remote console from a workstation on the same LAN (without firewall in between) but when I do it remotely with firewall in between I can login to ILO2 but can't access the remote console. I looked at the firewall and then I saw that accessing the remote console needs port 23 open at the firewall as it is being dropped.
Simon Haslam
Advisor

Re: ILO remote cosole throught firewall

Agreed, I have found that port 23 seems to need to be open through a firewall too for the remote console to work (I wonder what the security implication is?).

Note that if you're changing the port too (i.e. PAT in the firewall) that would presumably cause a problem too - I guess you'd need to change your Remote Console/Telnet port to the preferred outside port instead of 23 (and then just pass this new port straight through the firewall without translation).

I assume most people VPN into the local or management networks so don't see these kind of issues.


Simon
denvernate
New Member

Re: ILO remote cosole throught firewall

I have a similiar problem. However the problem isn't the ports, the problem is the IP address that is behind the firewall for the iLO interface. The java/link in OA does not get NAT'd; OA uses the IP addresses that is locally configured with the system. It doesnt have any knowledge of the address that is NAT'd to.

I confirmed this with packet traces. anyone know how to get around this?