VMware HCX

 View Only
  • 1.  Unable to access HCX Internet on AVS

    Posted Jun 17, 2024 02:36 PM

    Hi team,

    I have been following the YouTube video and documentation to access HCX over internet for Azure VMware Solution. I am following exactly the same steps as mentioned in the video and the MSFT documentation to access HCX over the internet. There is no VPN connectivity. But still unable to connect.

    https://www.youtube.com/****?v=Gr6z8pCqviA

    https://learn.microsoft.com/en-gb/azure/azure-vmware/enable-hcx-access-over-internet



  • 2.  RE: Unable to access HCX Internet on AVS

    Broadcom Employee
    Posted 30 days ago

    Hello, 

    VPN and Internet connectivity are two different ways of using HCX.  The link that you provided describes using HCX over the Internet via public IP address.  Are you able to pair the on-prem HCX Manager with the HCX Manager in AVS?




  • 3.  RE: Unable to access HCX Internet on AVS

    Posted 30 days ago

    Hi Tom,

    Problem Description:

    Unable to access HCX on internet(HTTPS port 443) in AVS

    Configuration Design:

    ·       Deployed AVS with 3 nodes cluster

    ·       On-premise and AVS is connected via Azure virtual WAN with all the gateway needed

    ER for AVS <-> HUB

         VPN for HUB <-> On prem

    ·       For the internet connectivity on AVS, selected option as below

    Steps taken to Enable HCX access over the internet

    Followed document as below

    https://learn.microsoft.com/en-us/azure/azure-vmware/enable-hcx-access-over-internet#configure-public-ip-block

    ·       Configured SNAT and it was working fine. But DNAT was not working as expected.

    ·       To make DNAT working, in the SNAT configuration when I added the translated IP as Static NULL Route IP which is the nonoverlapping /32 IP, I am able to access the HCX over public internet. Both SNAT and DNAT are working as expected and I am able to access HCX over public internet from on-premise.

    Question to ask:

    ·       Why is there a need to create a static NULL route to the Tier 1 router?

    ·       If I create another new Tier 1 router, do I again need to configure the static null route?

    ·       To make DNAT work, why have we added the translated IP as the static NULL route IP, which is the nonoverlapping /32 IP in the SNAT configuration?