You can link one or more compute VPCs or VNets to a Transit VPC or VNet.


  • Verify that you have a Transit VPC or VNet with a PCG in the Up state.
  • Verify that the VPC/VNet you want to link is connected to the Transit VPC or VNet through VPN or peering.
  • Verify that the Transit VPC/VNet in the same region as the Compute VPC/VNet.
Note: In route-based IPSec VPN configuration, you must specify the IP address for the virtual tunnel interface (VTI) port. This IP must be in a different subnet than workload VMs. This prevents workload VM inbound traffic from being directed to the VTI port, from which it will be dropped.
Note: In the public cloud, a default limit exists for the number of inbound/outbound rules per security group and NSX Cloud creates default security groups. This affects how many Compute VPCs/VNets can be linked to a Transit VPC/VNet. Assuming 1 CIDR block per VPC/VNet, NSX Cloud supports 10 Compute VPCs/VNets per Transit VPC/VNet. If you have more than 1 CIDR in any Compute VPC/VNet, the number of supported Compute VPCs/VNets per Transit VPC/VNet reduces. You can adjust the default limits by reaching out to your public cloud provider.


  1. Log in to CSM using an account with the Enterprise Administrator role.
  2. Click Clouds > AWS / Azure > <public cloud_account_name> and go to the VPCs / VNets tab.
  3. In the VPCs or VNets tab, select a region name where you are hosting one or more compute VPCs or VNets.
  4. Select a compute VPC or VNet configured for NSX Cloud.
  6. Complete the options in the Link Transit VPC or VNet window:
    Option Description
    Transit VPC or VNet Select a Transit VPC or VNet from the dropdown menu. The Transit VPC or VNet you select must be already linked with this VPC by way of VPN or peering.
    Note: If connecting to Transit VNet, you must have a DNS forwarder configured in that VNet. See Microsoft Azure documentation for more information.
    Default Quarantine Policy Leave this in the default disabled mode when you first deploy PCG. You can change this value after onboarding VMs. See Manage Quarantine Policy in the NSX-T Data Center Administration Guide for details.

What to do next

Onboard your workload VMs. See Onboarding and Managing Workload VMs in the NSX-T Data Center Administration Guide for the Day-N workflow.