I upgraded to a new ASG120 box with V7.4 and thought I set up all my nats and filters okay but maybe Im missing something.

I cannot get HP's Integrated Lights Out remote console to work properly. The ILO address is its own address on the webserver. I also have a specific additional public IP on the Astaro for ILO. I NAT from one externally to the other internally. Right now I have ANY port open for this NAT in order to troubleshoot it, with auto packet filter selected.

I get to the ILO login screen fine and can authenticate fine, but when in the ILO control panel every time I try to fire up the Remote Console, the Java just hangs and the emulation screen never renders.

Ive successfully tested from inside the network and ILO remote console fires up fine. So something is not being passed properly when out to the world. Not sure why since I have it on ANY at the moment. And, if I get to the ILO login web page using ANY and login ok, you'd think the remote console java wold run too.

Any ideas?

That's funny; I'm having the same problem, but only with my DL165 servers; the DL365's with ILO2 work fine. I assumed it was a problem with the servers...

I'd recommend starting by checking the packetfilter and IPS logs.

Barry

__________________
http://DealBert.net
Home & business end-user since v1.x

• ASL 6.3x, HP DL145 Dual Opteron, 1GB RAM, 6 gigE NICs, 50-IP Platinum License
  
• ASL 7.3x, Dell PE1550 Dual PIII 1GHz, 1GB RAM, 2 NICs, 50-IP Platinum License
  
• ASL 7.501, 17-watt fanless mini-ITX system: MSI IM-945GSE-A Atom n270, 2GB RAM, Morex T3310 case. 2 Intel GigE, 3 VLANs. 80G 5200rpm 2.5" HD
  Netgear GS108T gigE VLAN switch & Linksys WRT54G WAP
  Total network infrastructure: 27 watts. 100-IP Home User. FiOS 10mb/2mb

This is interesting; whilst I wouldn't expose ILO to the public internet, it should work nonetheless... in addition to the IPS and Packetfilter logs, check the IM/P2P logs as well (if you have those features enabled)... sometimes the IM/P2P filter falsely detects traffic and blocks it. Failing that, I'd probably start a case with Astaro.

__________________
Convergent Information Security Solutions, LLC
Astaro Preferred Solution Partner

I've been trying it over a VPN... still not working, and nothing in either PF nor IPS log.
tcpdump shows traffic flowing both ways.

I'm not sure this is an Astaro problem; it could be that the ILO doesn't have the gateway right or something.

FWIW, I've also previously found cabling problems where the NIC worked fine but the ILO didn't, when sharing the port. Changing the cable fixed the problem, but has not helped remote access.

Barry

__________________
http://DealBert.net
Home & business end-user since v1.x

• ASL 6.3x, HP DL145 Dual Opteron, 1GB RAM, 6 gigE NICs, 50-IP Platinum License
  
• ASL 7.3x, Dell PE1550 Dual PIII 1GHz, 1GB RAM, 2 NICs, 50-IP Platinum License
  
• ASL 7.501, 17-watt fanless mini-ITX system: MSI IM-945GSE-A Atom n270, 2GB RAM, Morex T3310 case. 2 Intel GigE, 3 VLANs. 80G 5200rpm 2.5" HD
  Netgear GS108T gigE VLAN switch & Linksys WRT54G WAP
  Total network infrastructure: 27 watts. 100-IP Home User. FiOS 10mb/2mb

Barry, can you VPN/RDP to your local desktop and do it from there?

__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!

Hi Bob,
The servers are at a co-lo, so there's no local desktop, but iirc, they did work locally on my laptop when I was setting up the co-lo.

Since the ILO needs JS I can't use lynx to connect locally either.

Barry

__________________
http://DealBert.net
Home & business end-user since v1.x

• ASL 6.3x, HP DL145 Dual Opteron, 1GB RAM, 6 gigE NICs, 50-IP Platinum License
  
• ASL 7.3x, Dell PE1550 Dual PIII 1GHz, 1GB RAM, 2 NICs, 50-IP Platinum License
  
• ASL 7.501, 17-watt fanless mini-ITX system: MSI IM-945GSE-A Atom n270, 2GB RAM, Morex T3310 case. 2 Intel GigE, 3 VLANs. 80G 5200rpm 2.5" HD
  Netgear GS108T gigE VLAN switch & Linksys WRT54G WAP
  Total network infrastructure: 27 watts. 100-IP Home User. FiOS 10mb/2mb