Have you done some trace routes to see where the traffic is going, you definitely have a routing issue.. and since this is a nested lab, have you configured security on the portgroups accordingly?

PS.  Ignore the comment above, was logged in with the wrong account.

Hi Mohan,

I have set all security on port groups to Accepted

Yes, most probably it's a routing issue, but not sure where is the issue?

Trace routes in both directions, try to narrow down where your issue is.

from the ESXi's >> there are no traceroutes 

[root@esxi-1:~] traceroute 10.50.0.1
traceroute to 10.50.0.1 (10.50.0.1), 64 hops max
1 * * *
2 * * traceroute: sendto: No route to host
[root@esxi-1:~] traceroute 10.60.0.1
traceroute to 10.60.0.1 (10.60.0.1), 64 hops max
1 * * *
2 * * traceroute: sendto: No route to host

from the Pfsene it works fine

[2.4.5-RELEASE][admin@pfSense.localdomain]/root: traceroute 10.50.0.1
traceroute to 10.50.0.1 (10.50.0.1), 64 hops max, 40 byte packets
1 172.27.11.2 (172.27.11.2) 0.806 ms 0.605 ms 0.601 ms
2 10.50.0.1 (10.50.0.1) 2.137 ms 0.524 ms 0.720 ms

Are the management appliances on the same subnets as the host?

If they don't have a default gateway / route out then that will cause you a lot of problems. 

I have a single physical host in a subnet and I am building the whole environment on top of it!

my question is how can I use Pfsense to routing the traffic from 10.0.0.x to T1 router VLANs 10.50.0.0 & 10.60.0.0 

BR,

Muhammad 

Can the nested esxi hit their own gateway? Is their gateway on pfsense ?

I am not able to ping the nested ESXi GW!!

The GWs as below 

Since this is nested;

Make sure that the VM of the nested ESXi's portgroups are the portgroup with all the security functions turned on and is a trunking port group, this should be the portgroup created on your single physical esxi host.  Then in the ESXi VM, ensure the management interface is tagged with the management VLAN.  Also ensure all VLANs are trunked to your ESXi host from the physical network fabric.

It sounds like there is bad config somewhere.

I marked the solution,how can I set the thread as resolved?

FYI. I had the same issue and attempted your solution but it did not work for me. Luckily, I got the right syntax with the help of @usbenny himself from the #vlc-support slack channel, which resolved my issue. I'm running the latest VCF Cloud Builder 4.10 BTW:

For the 10.50.0.1 subnet

ip route add 10.50.0.0/24 proto static scope global nexthop dev eth0.11 via 172.27.11.2 weight 1 nexthop dev eth0.11 via 172.27.11.3 weight 1 nexthop dev eth0.12 via 172.27.12.2 weight 1 nexthop dev eth0.12 via 172.27.12.3 weight 1

For the 10.60.0.1 subnet

ip route add 10.60.0.0/24 proto static scope global nexthop dev eth0.11 via 172.27.11.2 weight 1 nexthop dev eth0.11 via 172.27.11.3 weight 1 nexthop dev eth0.12 via 172.27.12.2 weight 1 nexthop dev eth0.12 via 172.27.12.3 weight 1

Hope this helps someone.

I'm facing the similar problem,but both solution mentioned on this thread not working for me,.

On CloudBuilderVM to AVN network is not reachable.Do i need to specifically configure anything on CloudBuilderVM