[VMC] vCenter UI is not accessible via public internet when using a 0.0.0.0/0 default route

Article ID: 396070

Products

VMware Cloud on AWS

Issue/Introduction

  • The vCenter UI cannot be accessed publicly when the default route is advertised over VPN, over Direct Connect (DX), from a Transit Gateway (TGW), or from an external network.
  • Backup or replication activities experience connectivity drops or "no connection" when the VMC vCenter is configured for public resolution.

Environment

VMC on AWS

Cause

  • When a default route (0.0.0.0/0) is advertised, all default traffic leaving the VMC vCenter takes the configured private path.
  • This means the default traffic leaves the VMC SDDC over VPN or DX, or is sent to the connected TGW.
  • When the VMC vCenter UI is accessed with the resolution set to "Public IP", the incoming traffic enters through the Internet Gateway (IGW), but the outgoing traffic leaves through the private route.
  • This results in asymmetric routing, and the traffic is dropped.

Resolution

This issue can be resolved by:

  1. Removing the default route that is being advertised.
  2. Changing the vCenter DNS Resolution setting from Public IP to Private IP.
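
The following is an added example, not VMware code: a simplified model of the path asymmetry described under Cause, showing how each Resolution option restores a symmetric path. The prefixes, client addresses, and function names are constructed for illustration, and the model assumes that any advertised prefix matching the client sends return traffic over the private path.

```python
import ipaddress

IGW = "IGW"          # Internet Gateway (public path)
PRIVATE = "private"  # VPN / DX / TGW (private path)


def egress_path(client_ip, advertised_prefixes):
    """Return (path, prefix) used for traffic from vCenter back to client_ip.

    The longest advertised prefix containing the client wins and sends the
    reply over the private path; with no match the reply leaves via the IGW.
    """
    dst = ipaddress.ip_address(client_ip)
    nets = [ipaddress.ip_network(p) for p in advertised_prefixes]
    matches = [n for n in nets if dst in n]
    if not matches:
        return IGW, None
    best = max(matches, key=lambda n: n.prefixlen)
    return PRIVATE, str(best)


def check_vcenter_access(client_ip, resolution, advertised_prefixes):
    """Compare the ingress and egress paths for one client session."""
    # "Public IP" resolution means the client connects in through the IGW.
    ingress = IGW if resolution == "Public IP" else PRIVATE
    egress, prefix = egress_path(client_ip, advertised_prefixes)
    return {"ingress": ingress, "egress": egress,
            "matched_prefix": prefix, "symmetric": ingress == egress}


if __name__ == "__main__":
    on_prem = "10.20.0.0/16"        # constructed on-premises prefix
    internet_client = "203.0.113.10"  # constructed (documentation range)
    on_prem_client = "10.20.5.9"      # constructed on-premises client

    cases = [
        ("Public IP, no default route", internet_client, "Public IP", [on_prem]),
        ("Public IP, default route advertised", internet_client, "Public IP",
         [on_prem, "0.0.0.0/0"]),
        ("Private IP, default route advertised", on_prem_client, "Private IP",
         [on_prem, "0.0.0.0/0"]),
    ]
    for label, client, resolution, prefixes in cases:
        print(label, check_vcenter_access(client, resolution, prefixes))
```
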