As far as I can see, all ports are open in the firewall on both sites. If it is port 902 that is used, it is open from site A to B. If I try telnet from site A to site B, 192.168.10.115 port 902,
I get a connection:
Trying 192.168.10.115...
Connected to 192.168.10.115.
Escape character is '^]'.
220 VMware Authentication Daemon Version 1.10: SSL Required, ServerDaemonProtocol:SOAP, MKSDisplayProtocol:VNC , VMXARGS supported, NFCSSL supported/t
If I do an nmap scan on 192.168.10.115 from site A to site B:
nmap -p 902 192.168.10.115
Starting Nmap 7.01 ( https://nmap.org ) at 2019-03-17 23:02 CET
Nmap scan report for 192.168.10.115
Host is up (0.0028s latency).
PORT STATE SERVICE
902/tcp open iss-realsecure
---------------------------------------------------------
nmap -sU -p 902 192.168.10.115
Starting Nmap 7.01 ( https://nmap.org ) at 2019-03-17 23:06 CET
Nmap scan report for 192.168.10.115
Host is up (0.0028s latency).
PORT STATE SERVICE
902/udp open|filtered ideafarm-door
So as far as I can see, port 902 responds from site A to site B as open on TCP and UDP, and this is where the heartbeat comes from, I think.
But for some reason the IP does change when adding host 192.168.10.115 to 10.0.10.2 in vCenter after it has added the ESXi host.
If I look at the datastores too in vCenter for the ESXi client at site B, they have changed IP from 192.168.10.115 to 10.0.10.2 and are showing as (inactive).
I guess it is some NAT problem I can't understand that is making the issue, but to me it looks like the VPN connections between site A and B work fine.