In response to my blog post on “vSphere 5 – How to run ESXi stateless with vSphere Auto Deploy”, I received a comment from Rob Ellison, who ran into issues when PXE booting through a Cisco ASA firewall. In a second comment he explained how he solved the issue. It turned out there was an issue with the frame size of the gPXE client. Below is his solution to this issue. Should you have any questions on this specific issue, feel free to contact Rob. Thank you, Rob, for this solution.
Rob Ellison, Managed Hosting Technical Architect
Twitter: @robellison
Google Plus: Rob Ellison
vSphere 5 – How to run ESXi stateless with vSphere Auto Deploy
vSphere 5 Auto Deploy PXE booting through Cisco ASA firewall
Updating your ESXi host using VMware vSphere 5 Auto deploy
My first Auto Deploy design for real production environment
Confirm the ASA is dropping packets due to frame size:
show asp drop frame tcp-mss-exceeded
  TCP data exceeded MSS (tcp-mss-exceeded)
Create a capture:
capture mss-capture type asp-drop tcp-mss-exceeded packet-length 1518
View the output after a failed boot:
show capture mss-capture
5 packets captured
   1: 08:51:15.489278 802.1Q vlan#99 P0 10.x.x.x.6519 > <ip of auto-deploy>.6501: P 888399370:888400818(1448) ack 2273403046 win 8192 <nop,nop,timestamp 516952 120427860>
   2: 08:51:15.963420 802.1Q vlan#99 P0 10.x.x.x.6519 > <ip of auto-deploy>.6501: P 888399370:888400818(1448) ack 2273403046 win 8192 <nop,nop,timestamp 516961 120427860>
   3: 08:51:16.952099 802.1Q vlan#99 P0 10.x.x.x.6519 > <ip of auto-deploy>.6501: P 888399370:888400818(1448) ack 2273403046 win 8192 <nop,nop,timestamp 516979 120427860>
   4: 08:51:18.930097 802.1Q vlan#99 P0 10.x.x.x.6519 > <ip of auto-deploy>.6501: P 888399370:888400818(1448) ack 2273403046 win 8192 <nop,nop,timestamp 517015 120427860>
   5: 08:51:22.884140 802.1Q vlan#99 P0 10.x.x.x.6519 > <ip of auto-deploy>.6501: P 888399370:888400818(1448) ack 2273403046 win 8192 <nop,nop,timestamp 517087 120427860>
5 packets shown
To resolve:
access-list vmware-auto-deploy permit tcp any host <auto-deploy-host>
class-map vmware-auto-deploy
  match access-list vmware-auto-deploy
  exit
tcp-map mss-map
  exceed-mss allow
  exit
policy-map vmware-auto-deploy
  class vmware-auto-deploy
    set connection advanced-options mss-map
    exit
  exit
service-policy vmware-auto-deploy interface <esxi server interface>
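An added example, not part of Rob's solution or the original post: a short Python script that parses `show capture` output like the one above and reports, per dropped segment, how far its payload exceeds the MSS and whether the repeats follow TCP retransmission backoff. The MSS of 1380 is an assumption (the ASA default for `sysopt connection tcpmss`), the addresses are documentation placeholders for the redacted ones, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed input: the five capture lines from the post, with the redacted
# addresses replaced by documentation addresses (192.0.2.0/24).
CAPTURE = """\
1: 08:51:15.489278 802.1Q vlan#99 P0 192.0.2.10.6519 > 192.0.2.20.6501: P 888399370:888400818(1448) ack 2273403046 win 8192 <nop,nop,timestamp 516952 120427860>
2: 08:51:15.963420 802.1Q vlan#99 P0 192.0.2.10.6519 > 192.0.2.20.6501: P 888399370:888400818(1448) ack 2273403046 win 8192 <nop,nop,timestamp 516961 120427860>
3: 08:51:16.952099 802.1Q vlan#99 P0 192.0.2.10.6519 > 192.0.2.20.6501: P 888399370:888400818(1448) ack 2273403046 win 8192 <nop,nop,timestamp 516979 120427860>
4: 08:51:18.930097 802.1Q vlan#99 P0 192.0.2.10.6519 > 192.0.2.20.6501: P 888399370:888400818(1448) ack 2273403046 win 8192 <nop,nop,timestamp 517015 120427860>
5: 08:51:22.884140 802.1Q vlan#99 P0 192.0.2.10.6519 > 192.0.2.20.6501: P 888399370:888400818(1448) ack 2273403046 win 8192 <nop,nop,timestamp 517087 120427860>
"""

ASSUMED_MSS = 1380  # assumption: ASA default; check your own "sysopt connection tcpmss"

LINE = re.compile(
    r"^\s*\d+: (\d+):(\d+):(\d+\.\d+) .*?(\S+) > (\S+): \S+ "
    r"(\d+):(\d+)\((\d+)\)", re.M)

def parse(text):
    """Yield (time_s, src, dst, seq, payload_len) for each captured segment."""
    for h, m, s, src, dst, seq, _end, length in LINE.findall(text):
        yield int(h) * 3600 + int(m) * 60 + float(s), src, dst, int(seq), int(length)

def summarize(text, mss=ASSUMED_MSS):
    """Group drops by flow and sequence number; describe each distinct segment."""
    seen = defaultdict(list)
    for t, src, dst, seq, length in parse(text):
        seen[(src, dst, seq, length)].append(t)
    report = []
    for (src, dst, seq, length), times in seen.items():
        gaps = [round(b - a, 2) for a, b in zip(times, times[1:])]
        report.append({
            "flow": f"{src} > {dst}", "seq": seq, "payload": length,
            "over_mss_by": max(0, length - mss), "copies": len(times), "gaps": gaps,
            # Retransmission timer doubling: each gap is roughly twice the last.
            "rto_backoff": len(gaps) > 1 and all(
                1.5 <= b / a <= 2.5 for a, b in zip(gaps, gaps[1:])),
        })
    return report

if __name__ == "__main__":
    for row in summarize(CAPTURE):
        print(row)
```

On this input all five drops turn out to be one 1448-byte segment sent again at doubling intervals, which is the pattern of a sender that never gets its data through.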