VMware HCX

  • 1.  Unable to access HCX Internet on AVS

    Posted Jun 17, 2024 02:36 PM

    Hi team,

    I have been following the YouTube video and documentation to access HCX over the internet for Azure VMware Solution. I am following exactly the same steps as mentioned in the video and the MSFT documentation to access HCX over the internet. There is no VPN connectivity, but I am still unable to connect.

    https://www.youtube.com/****?v=Gr6z8pCqviA

    https://learn.microsoft.com/en-gb/azure/azure-vmware/enable-hcx-access-over-internet



  • 2.  RE: Unable to access HCX Internet on AVS

    Broadcom Employee
    Posted Jun 18, 2024 10:15 AM

    Hello, 

    VPN and Internet connectivity are two different ways of using HCX.  The link that you provided describes using HCX over the Internet via public IP address.  Are you able to pair the on-prem HCX Manager with the HCX Manager in AVS?




  • 3.  RE: Unable to access HCX Internet on AVS

    Posted Jun 18, 2024 01:25 PM

    Hi Tom,

    Problem Description:

    Unable to access HCX on the internet (HTTPS port 443) in AVS

    Configuration Design:

    · Deployed AVS with a 3-node cluster

    · On-premise and AVS are connected via Azure Virtual WAN with all the gateways needed

      ER for AVS <-> HUB

      VPN for HUB <-> On prem

    · For the internet connectivity on AVS, selected option as below

    Steps taken to Enable HCX access over the internet

    Followed document as below

    https://learn.microsoft.com/en-us/azure/azure-vmware/enable-hcx-access-over-internet#configure-public-ip-block

    · Configured SNAT and it was working fine. But DNAT was not working as expected.

    · To make DNAT work, in the SNAT configuration when I added the translated IP as Static NULL Route IP which is the nonoverlapping /32 IP, I am able to access the HCX over public internet. Both SNAT and DNAT are working as expected and I am able to access HCX over public internet from on-premise.

    Question to ask:

    · Why is there a need to create a static NULL route to the Tier 1 router?

    · If I create another new Tier 1 router, do I again need to configure the static null route?

    · To make DNAT work, why have we added the translated IP as the static NULL route IP, which is the nonoverlapping /32 IP in the SNAT configuration?