SSH failed to edge the routed port of a LAN IP from an overlay / from another site
VMware VeloCloud SD-WAN Edge version 5.0.1.5.
The issue is fixed in 5.2.0.0 and later
There is a known issue tracked under id 105933.
More details can be found in Release Notes
Fixed Issue 105933: A user cannot SSH to VMware SD-WAN Edge models 610/610-LTE or 520/540 via a routed interface.
There is no drop rule for duplicate SSH packets which originate via an af-pkt driver used by the affected Edge's OS. Because of this the Edge kernel receives 2 SSH packets: one via the vce1 interface, and another direct SSH packet because of the nature of the driver. This causes the Edge kernel to reply for 2 SSH requests, confusing the SSH client and results in the SSH failure.
For an Edge without a fix for this issue, the user can add an IP table rule to drop the SSH packets received from interfaces other than vce1.
https://docs.vmware.com/en/VMware-SASE/5.2.0/rn/vmware-sase-520-release-notes/index.html
And caused our SSH failure, the software has been fixed on version 5.2.0.
So we verified the version in Lab, version 5.2.0+ could work with SSH
Please notice the comment from documents.
https://docs.vmware.com/en/VMware-SASE/5.2.3/rn/vmware-sase-523-release-notes/index.html
https://docs.vmware.com/en/VMware-SASE/5.2.2/rn/vmware-sase-522-release-notes/index.html