I have a really strange issue that I have not been able to figure out. I almost wonder if there are firewall rules or something in Apache Tomcat in the vRealize Operations Manager virtual appliance or something.
When I am at home and VPN in, we are issued a 192.168.55.x IP address from a Cisco ASA IP pool. Everything is routed fine to our private IP addresses in the entire 10.0.0.0 class A subnet. Our vRealize Operations Manager VM lives at 10.1.1.75. No matter what, I cannot get the webpage to load for this natively on the VPN connection. I can PING 10.1.1.75 without an issue, and I can also go into the vrops virtual appliance and ping my laptop's IP (192.168.55.x) and get a response fine. I can only load the webpage if I Remote Desktop to my PC back at work, which is in the 10.7.3.x subnet. I can remote to other machines in other offices that are in different 10.x.x.x subnets and they all can load the vrops website too. On vrops the default gateway is correct, and that's proven why I can ping it from any other subnet. I'm just not sure why I get ERR_CONNECTION_TIMED_OUT in every browser.
It's not a show stopper, I can remote control onto another machine in our network and connect from there, but it's just not as convenient.
I've tried via the IP address that all the links from our vCenter 6.7u3 link to, and I also tried the DNS name (which does resolve correctly when pinged), https://vrops.domain.com/. Neither the regular operations UI nor the admin UI will load over VPN. I thought maybe it was DNS, so I ensured my laptop, which is VPN'd in, has proper forward and reverse DNS entries in our Windows DNS server. It does, and the vrops virtual appliance can ping me successfully by my computer name.
So it seems the network traffic is working fine (at least ping), but for some reason Apache Tomcat (or whatever the webserver is) is doing some kind of filtering. We have nothing in place to block port 443 or 80 from VPN users back to HQ.
Final question: why doesn't vCenter link it via DNS name? That would avoid the certificate error. Otherwise, when I RDP to a machine back in the office to access it, I can just type the DNS name in and there's no certificate error since we loaded a cert on it from our Windows CA.