I'm not sure if this is a switch/infrastructure problem or a vSphere problem. Basically my guests can get to different (layer 3) internal segments, but NOT out the WAN. The strange part is that the host itself CAN, but guests on the same vSwitch CANNOT. I skinnied this down to a super simple configuration with 1 uplink and 1 vSwitch. It's a standard vSwitch with a Management Network PG and a VM Network PG and 1 vmnic uplink.
If I enable SSH on the host, I have no problem pinging 8.8.8.8 from the host itself; works like a champ. If I open the console of a VM (on the VM Network PG, same vSwitch), I cannot ping 8.8.8.8. I can ping internal routers, but not out to the internet - so it's like 1/2 working.
I would immediately jump to saying something is wrong with the LAN/WAN, but why would the vSphere host, itself, be able to ping 8.8.8.8 over the same vmnic, same vSwitch, same VLAN, etc.? The guest's netmask, gateway, etc. are definitely correct - I can prove that because internal layer 3 routing is fine. I've tried it on more than one guest (Linux and Windows) on this host too.
Physical network is all Cisco - is there some kind of filtering that, say, something like an ASA might do, to "know" if a packet originates from a switch behind a host's NIC vs. on a traditional switch? Like some kind of MAC spoofing detection?
Thanks in advance ... a real mind bender on this one (for me anyway!).