[VMC on AWS] Unable to access SDDC vCenter using web browser via IPSec VPN

Article ID: 316707

Updated On:

Products

VMware Cloud on AWS

Issue/Introduction

This article explains how to resolve the issue where you are unable to access the SDDC vCenter via IPSec VPN.

Symptoms:
  • You are unable to access the SDDC vCenter using a web browser even though you changed the vCenter "Resolution Address" to Private IP and HTTPS access from the source machine to vCenter is allowed on the management gateway.
  • You are able to get a response from the SDDC vCenter with ICMP.
  • A curl command against the SDDC vCenter via IPSec VPN fails during the SSL handshake.


Cause

This issue occurs if a network device in your on-premises environment defines an MTU size of less than 1392.

Resolution

To resolve this issue, configure the TCP MSS Clamping setting in the VPN if your SDDC version is 1.12 or higher. Otherwise, identify the on-premises network device that defines an MTU size of less than 1392 and enable the TCP MSS Clamping setting on it.
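
One way to confirm the cause from the on-premises source machine, as an added example that is not part of the original article: it binary-searches the largest IPv4 packet that crosses the VPN path with the Don't Fragment bit set and derives the TCP MSS that fits it. It assumes Linux iputils `ping` (`-M do`); the function names and the target address passed as the first argument are placeholders.

```shell
#!/bin/sh
# Added example: measure the path MTU toward the SDDC vCenter private IP.
# Assumption: Linux iputils ping. The 1392 threshold comes from the article.

# Send one ICMP echo with DF set. $1 = host, $2 = total IPv4 packet size.
# ICMP payload = packet size - 20 (IPv4 header) - 8 (ICMP header).
probe() {
    ping -M do -c 1 -W 2 -s "$(( $2 - 28 ))" "$1" >/dev/null 2>&1
}

# Binary search for the largest packet size in [lo, hi] that gets a reply.
# Prints the size; prints 0 and fails if even the smallest size is dropped.
find_path_mtu() {
    local host="$1" lo="${2:-576}" hi="${3:-1500}" mid
    probe "$host" "$lo" || { echo 0; return 1; }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$host" "$mid"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$lo"
}

# Largest TCP MSS that fits an MTU: minus 20-byte IPv4 and 20-byte TCP
# headers (no IP or TCP options).
mss_for_mtu() { echo $(( $1 - 40 )); }

# Compare the measured path MTU with the article's 1392 threshold.
report() {
    local host="$1" mtu
    mtu=$(find_path_mtu "$host") || { echo "no reply at 576 bytes"; return 1; }
    if [ "$mtu" -lt 1392 ]; then
        echo "path MTU $mtu < 1392: clamp TCP MSS to $(mss_for_mtu "$mtu") or lower"
    else
        echo "path MTU $mtu >= 1392: low MTU is not the cause here"
    fi
}

# Usage: sh pmtu.sh <vcenter-private-ip>   (address is a placeholder)
if [ $# -gt 0 ]; then
    report "$1"
fi
```

A small default ping still succeeds on a path like this, which matches the ICMP symptom above; only packets larger than the reported size are dropped.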

Workaround:
Lower the MTU setting in your guest operating system temporarily.

Additional Information

Configure a VPN Connection Between Your SDDC and On-Premises Data Center