In order to resolve this issue the Site Pair and Service Mesh will need to be re-created and the SDDC VPN Configuration will need to be altered to exclude any IP addresses used by the HCX Manager or Appliances: First, if the network is stretched, un-stretch it. Delete the Service Mesh, and remove the Site Pairing. Once the Site Pairing has been removed, navigate to the SDDC Network And Security page > VPN and if using a Policy Based VPN remove the HCX IP range (the IPs of the HCX Manager/Interconnect/Network Extension) from the "Remote Networks" field. If using a Route Based VPN un-advertise the HCX IP range. Validate that none of the IPs available to the HCX Manager and Appliances are listed in the VPN. After re-configuring the VPN Tunnel, re-create the Site Pairing, and the Service Mesh. To test available bandwidth of the HCX Tunnels please refer to kb 56211.