VMware Cloud Community
tantis14
Contributor

VMC on AWS - access ec2 through migrated VM to sddc

I have established a connection between the VMC on AWS SDDC and EC2. I am able to access EC2 through a new VM I create in the SDDC; however, I am unable to access EC2 through an HCX-migrated VM. The HCX-migrated VM still has the same IP and gateway as on-prem. I have created firewall rules at the SDDC and on the AWS side as well, still no luck. I wanted to check if somebody has tried this earlier and how to establish connectivity between an HCX-migrated VM and EC2.

Accepted Solution
i_am_mohit
VMware Employee

Native VMC segments have access to the AWS linked VPC via the xVPC network.

There is no need for a VPN to achieve that.

However, when you stretch a network from on-prem to the cloud, using HCX or the NSX L2VPN client, the gateway IP remains on-prem.

So for any VM on this stretched network to talk to anything outside its own network, the traffic will flow back to on-premises, and in order to reach an AWS VPC you would need to create a VPN or DX link. This routing needs to be configured on your on-premises side.

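As an added illustration, not part of the original post or of any VMware tooling: a small Python check that applies the point above to a VM's routing table. It parses `ip route show` output, does a longest-prefix match for the EC2 target, and reports whether the next hop is the on-prem gateway (traffic hairpins back over the stretch) or the SDDC segment gateway (traffic can use the xVPC path). The route dumps, gateway addresses and the EC2 address are constructed sample values, not taken from the thread.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed sample of `ip route show` on an HCX-migrated Linux VM that kept
# its on-prem address and default gateway (addresses are assumed, not real).
MIGRATED_VM_ROUTES = """\
default via 10.10.10.1 dev eth0 proto static
10.10.10.0/24 dev eth0 proto kernel scope link src 10.10.10.25
"""

# Constructed sample for the same VM after it is moved to a native,
# non-stretched SDDC segment (assumed addresses).
NATIVE_VM_ROUTES = """\
default via 192.168.50.1 dev eth0 proto static
192.168.50.0/24 dev eth0 proto kernel scope link src 192.168.50.25
"""

# Assumed: which gateway addresses live on-prem and which are SDDC segment gateways.
ONPREM_GATEWAYS = {"10.10.10.1"}
SDDC_GATEWAYS = {"192.168.50.1"}

# Assumed address of the EC2 instance in the linked VPC.
EC2_TARGET = "172.31.20.7"

Route = Tuple[ipaddress.IPv4Network, Optional[str]]


def parse_routes(text: str) -> List[Route]:
    """Parse `ip route show` lines into (destination network, via-gateway or None)."""
    routes: List[Route] = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "default":
            dest = ipaddress.ip_network("0.0.0.0/0")
        else:
            dest = ipaddress.ip_network(fields[0], strict=False)
        via = fields[fields.index("via") + 1] if "via" in fields else None
        routes.append((dest, via))
    return routes


def next_hop(routes: List[Route], dst: str) -> Optional[str]:
    """Longest-prefix match. Returns the gateway IP, or None if dst is on-link."""
    addr = ipaddress.ip_address(dst)
    best: Optional[Route] = None
    for dest, via in routes:
        if addr in dest and (best is None or dest.prefixlen > best[0].prefixlen):
            best = (dest, via)
    if best is None:
        raise ValueError(f"no route to {dst}")
    return best[1]


def diagnose(route_text: str, dst: str) -> str:
    """Classify where traffic from this VM to dst is sent first."""
    gw = next_hop(parse_routes(route_text), dst)
    if gw is None:
        return "on-link"                 # same L2 segment, no gateway involved
    if gw in ONPREM_GATEWAYS:
        return "hairpin-via-onprem"      # stretched network: leaves via on-prem gateway
    if gw in SDDC_GATEWAYS:
        return "sddc-native"             # SDDC gateway: can reach linked VPC via xVPC
    return "unknown-gateway"


if __name__ == "__main__":
    for name, table in (("migrated VM", MIGRATED_VM_ROUTES), ("native VM", NATIVE_VM_ROUTES)):
        print(f"{name}: path to {EC2_TARGET} -> {diagnose(table, EC2_TARGET)}")
```

On a real host, feed the output of `ip route show` into `diagnose` instead of the constructed strings; a result of `hairpin-via-onprem` for the EC2 address is the symptom the thread describes, and the fix is either to unstretch the segment or to route the on-prem side to the VPC over VPN or DX.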

2 Replies
Brian_Graf
Enthusiast

Hey tantis14, if HCX is still stretching your network (i.e. you retained your IP address and default gateway), all of your VM traffic is being routed through your on-prem environment. This means that once it hits on-prem, it's unable to route back to AWS. At this point, you'd need to unstretch the network or move your VM to a new subnet that is not stretched.

Senior Product Manager - Distributed Resource Management | @vBrianGraf