Communication failure in specific NSX-T segments due to IP subnet overlap

Article ID: 434178

Updated On:

Products

VMware NSX

Issue/Introduction

Virtual machines connected to a specific NSX-T segment cannot communicate.

  • The issue is isolated to a specific segment; other segments in the same environment function correctly.
  • Traceflow in the NSX Manager UI shows that traffic is being routed to external networks.
  • The NSX Edge connection status shows state 2:0, indicating that return traffic is not reaching the Edge.
    If you have configured the Gateway Firewall, you can verify this in the following log:
    edge/fw-connections
    0x1c0000009c836a9b af 2  ethertype 0x0000 proto tcp   ###:6#### (###:6####) -> ###:### dir 2 34 0 1 0 state 2:0 f-2024 n-0 flg:### if:<if-id> 

Environment

VMware NSX

Cause

The primary cause is typically a duplicate IP subnet or segment configuration across different environments or Tier-1 Gateways.

  • If the same IP subnet is defined in another environment or under a different Tier-1 Gateway, asymmetric routing occurs. Return traffic is directed toward the duplicate segment instead of the original source.
  • If identical subnets exist on the physical network or other segments, ARP resolution may fail or resolve to an incorrect MAC address, preventing successful packet delivery.

Resolution

  • Inspect all Tier-1 Gateways and physical network devices to ensure the affected subnet is not duplicated.
  • If a duplicate segment is found, modify the configuration to eliminate the overlap.
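
The inspection described above can be scripted. The following is an added example, not VMware code: it checks a segment inventory and a list of physical prefixes for overlapping subnets. The sample data is constructed, and the field names (results, display_name, connectivity_path, subnets, gateway_address) are an assumption about how the segment export is shaped.

```python
import ipaddress
import json
from itertools import combinations

# Constructed sample inventory; the field names are an assumption about the
# shape of a segment export and must be adapted to the real data source.
SAMPLE_EXPORT = json.loads("""
{"results": [
  {"display_name": "seg-web", "connectivity_path": "/infra/tier-1s/t1-prod",
   "subnets": [{"gateway_address": "10.10.20.1/24"}]},
  {"display_name": "seg-app", "connectivity_path": "/infra/tier-1s/t1-prod",
   "subnets": [{"gateway_address": "10.10.30.1/24"}]},
  {"display_name": "seg-lab", "connectivity_path": "/infra/tier-1s/t1-lab",
   "subnets": [{"gateway_address": "10.10.20.129/25"}]},
  {"display_name": "seg-v6", "connectivity_path": "/infra/tier-1s/t1-lab",
   "subnets": [{"gateway_address": "2001:db8:20::1/64"}]}
]}
""")

# Constructed list of prefixes configured on the physical network.
PHYSICAL_PREFIXES = {"core-vlan30": "10.10.30.0/23"}

def collect_networks(export, physical):
    """Return (owner, ip_network) pairs for all segment subnets and physical prefixes."""
    entries = []
    for seg in export.get("results", []):
        owner = f'{seg.get("connectivity_path", "unattached")}:{seg["display_name"]}'
        for subnet in seg.get("subnets", []):
            # strict=False: the gateway address is a host address plus prefix length
            net = ipaddress.ip_network(subnet["gateway_address"], strict=False)
            entries.append((owner, net))
    for name, cidr in physical.items():
        entries.append((f"physical:{name}", ipaddress.ip_network(cidr, strict=False)))
    return entries

def find_overlaps(entries):
    """Return sorted (owner_a, net_a, owner_b, net_b) tuples for each overlapping pair."""
    hits = []
    for (own_a, net_a), (own_b, net_b) in combinations(entries, 2):
        # Compare only prefixes of the same IP version; partial overlaps count too
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            hits.append((own_a, str(net_a), own_b, str(net_b)))
    return sorted(hits)

if __name__ == "__main__":
    found = find_overlaps(collect_networks(SAMPLE_EXPORT, PHYSICAL_PREFIXES))
    for own_a, net_a, own_b, net_b in found:
        print(f"OVERLAP {net_a} ({own_a}) <-> {net_b} ({own_b})")
```

The check reports partial overlaps (a /25 inside a /24, a /24 inside a physical /23) as well as exact duplicates, since either can misdirect return traffic.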