When Direct Connect private virtual interface is attached to a VMware Cloud on AWS environment, you cannot use VPN connectivity for replication traffic communication from this environment.

Problem

When you have Direct Connect private virtual interface attached to a VMware Cloud on AWS environment, you cannot use VPN connectivity for replication traffic communication from this environment.

Cause

With private virtual interface, the only possible external connectivity option for ESXi traffic is Direct Connect. If there is a VPN between the source and the target sites, the ESXi to vSphere Replication appliance traffic uses Direct Connect path, while the return traffic uses VPN path resulting in an asymmetric routing. The firewall in the VMware Cloud on AWS environment drops such traffic.

Solution

When you use Direct Connect private virtual interface, route the replication traffic between the source and the target SDDCs through on-premises.
  • VMware Cloud on AWS to VMware Cloud on AWS with Direct Connect.

  • VMware Cloud on AWS to VMware Cloud on AWS with VPN for the appliance network and Direct Connect for the infrastructure network.

  • VMware Cloud on AWS to VMware Cloud on AWS with VPN only.