By default, the vCloud Tunneling Agent in the vSphere Replication appliance is configured to use TCP ports ranging between 10000 and 10010 to create tunnels to the cloud. All ESXi instances that might host replication source virtual machines must have their firewall configured to allow outgoing traffic on these ports.

About this task

For each tunnel to cloud, the vCloud Tunneling Agent allocates one unique port from the specified range. You can reconfigure ESXi hosts and the vCloud Tunneling Agent to reduce the number of open ports or to change the ports that are used to create tunnels to cloud.

After you reconfigure the ESXi hosts to use custom ports, you must configure the vCloud Tunneling Agent to use the same custom ports.


  • Verify that the ports you selected to use for cloud tunnels are open for outgoing traffic on all ESXi servers that host replication sources.

  • Verify that you know the IP address of the vSphere Replication appliance in your environment. To check the IP address of the vSphere Replication appliance, select the vCenter Server in the inventory tree, navigate to the Manage tab, click vSphere Replication, and click About.

  • Verify that you have root user credentials for the vSphere Replication appliance.

  • Verify that TCP port 22 is open on the vSphere Replication appliance, and that SSH connections are enabled. See Unable to Establish an SSH Connection to the vSphere Replication Appliance.


  1. Use an SSH client to connect to the vSphere Replication appliance and log in as the root user.
  2. Run the following command to configure the ports for tunnel connections.
    				configure-vcta-server -prl LOW -prh HIGH

    Where LOW and HIGH define the range of ports to be used for tunnel connections. To use only one port, type the port number as the value for LOW and HIGH.

    For example, the following command configures the vCloud Tunneling Agent to use only port 10001.

    				configure-vcta-server -prl 10001 -prh 10001

    You can designate any free TCP port in your environment for the communication between ESXi hosts and the vCloud Tunneling Agent, but you must verify that all ESXi hosts and the vCloud Tunneling Agent are configured to use the same ports.

  3. Run the following command to restart the vCloud Tunneling Agent.
    service vmware-vcd restart