[VMC] Cloud SDDC traffic impacted after SDDC upgrade
Article ID: 312511

Updated On:

Products

VMware Cloud on AWS
VMware Cloud on Dell EMC

Issue/Introduction

This article gives the steps to restore VMC communication over a Policy Based VPN (PBVPN) after an upgrade to an SDDC version newer than 1.10.

Symptoms:
The VMware Cloud (VMC) SDDC was recently upgraded from version 1.10 to a newer version and uses a Policy Based VPN (PBVPN). After the upgrade, the gateway firewall no longer allows the external traffic that previously passed through the PBVPN.

Cause

On VMC SDDC versions 1.10 or older, a gateway firewall rule for PBVPN traffic could be applied to the VPN Tunnel Interface (VTI) and still match that traffic. This was never the intended behavior. On VMC SDDC versions 1.12 or newer, a PBVPN rule applied to the VTI no longer matches PBVPN traffic, so after the upgrade the rule stops passing it and the traffic is dropped.

Resolution

To prevent or correct this issue on any VMC SDDC version, create or modify PBVPN rules so that they are applied to the VPC Interface, Internet Interface, or All Uplinks.

Do not apply PBVPN rules to the VPN Tunnel Interface: a rule applied to the VTI matches traffic over a Route Based VPN (RBVPN), not the PBVPN. After changing the Applied To field, confirm that traffic through the PBVPN passes again.
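As an added example (not part of this KB article), the script below audits an exported list of Compute Gateway firewall rules, flags every rule whose Applied To scope includes the VTI label, and produces a corrected copy with that label replaced by one of the three valid PBVPN scopes. The rule layout (NSX policy-style dicts with a "scope" list) and the four label paths are assumptions; check them against the rules exported from your own SDDC before applying any change. The sample rules are constructed for the example.

```python
"""Audit VMC Compute Gateway firewall rules for PBVPN rules applied to the
VPN Tunnel Interface (VTI) and rescope them to a valid PBVPN scope.

Assumptions (not from the KB article): rules are NSX policy-API style dicts
whose "scope" is a list of label paths, and the label paths below are the
ones behind the gateway's Applied To choices. Verify against your SDDC.
"""
import copy

VTI_LABEL = "/infra/labels/cgw-vpn"          # assumed: VPN Tunnel Interface
ALL_UPLINKS_LABEL = "/infra/labels/cgw-all"   # assumed: All Uplinks
INTERNET_LABEL = "/infra/labels/cgw-public"   # assumed: Internet Interface
VPC_LABEL = "/infra/labels/cgw-cross-vpc"     # assumed: VPC Interface

# The only scopes the KB article says a PBVPN rule may use.
ALLOWED_PBVPN_SCOPES = {ALL_UPLINKS_LABEL, INTERNET_LABEL, VPC_LABEL}

# Constructed sample export (not from a real SDDC); only the fields needed.
SAMPLE_RULES = [
    {"id": "pbvpn-in", "display_name": "PBVPN inbound from on-prem",
     "action": "ALLOW", "scope": [VTI_LABEL]},
    {"id": "pbvpn-out", "display_name": "PBVPN outbound to on-prem",
     "action": "ALLOW", "scope": [INTERNET_LABEL]},
    {"id": "mixed", "display_name": "Mixed scope",
     "action": "ALLOW", "scope": [VTI_LABEL, VPC_LABEL]},
    {"id": "default-drop", "display_name": "Default drop",
     "action": "DROP", "scope": [ALL_UPLINKS_LABEL]},
]


def find_vti_scoped_rules(rules):
    """Return the ids of rules whose Applied To includes the VTI label.

    On SDDC 1.12 or newer such a rule matches only route-based VPN traffic,
    so it silently stops matching PBVPN traffic after an upgrade.
    """
    return [r["id"] for r in rules if VTI_LABEL in r.get("scope", [])]


def rescope_rule(rule, replacement=ALL_UPLINKS_LABEL):
    """Return a copy of rule with the VTI label swapped for replacement.

    Labels already in scope are kept; duplicates are dropped so a rule that
    already carried the replacement label does not list it twice.
    """
    if replacement not in ALLOWED_PBVPN_SCOPES:
        raise ValueError(f"{replacement} is not a valid PBVPN scope")
    fixed = copy.deepcopy(rule)   # never mutate the exported input
    new_scope = []
    for label in fixed.get("scope", []):
        label = replacement if label == VTI_LABEL else label
        if label not in new_scope:
            new_scope.append(label)
    fixed["scope"] = new_scope
    return fixed


def audit_and_fix(rules, replacement=ALL_UPLINKS_LABEL):
    """Return (flagged rule ids, corrected copies of those rules)."""
    flagged = find_vti_scoped_rules(rules)
    fixed = [rescope_rule(r, replacement) for r in rules if r["id"] in flagged]
    return flagged, fixed


if __name__ == "__main__":
    flagged, fixed = audit_and_fix(SAMPLE_RULES)
    print(f"rules applied to the VTI: {flagged}")
    for r in fixed:
        print(f"{r['id']}: scope -> {r['scope']}")
```

Run the audit against a saved export first and review the corrected rules before pushing them back; the script only returns corrected copies, it does not call the SDDC API.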

This VMware documentation explains the Compute Gateway Firewall Rules and how they are applied: Add or Modify Compute Firewall Rules