VMs that are stretch deployed to the public vCloud are unable to communicate with the source network or the source network cannot connect to the Internet.

After the Stretch Deploy command is completed, the VMs in the public vCloud are unable to communicate with the source network or the source network cannot connect to the Internet.

This problem occurs because of SSL VPN tunnel connectivity issues. The SSL VPN tunnel may be disconnected in the following scenarios:

Losing network connectivity between the source network and the stretched network in the public vCloud

Powering off the source vShield Edge where the SSL VPN tunnel originates

Redeploying the source vShield Edge where the SSL VPN tunnel originates

Powering off or suspending the source routed vApp where the SSL VPN tunnel originates

Resetting the routed vApp network where the SSL VPN tunnel originates

Omitting to configure or incorrectly configuring the DNS server setting in the vShield Edge of the source network (this setting is required if you specify a fully qualified domain name (FQDN) for the HTTPS proxy server during the Stretch Deploy command)

The host or the cluster in which the source vShield Edge is deployed fails.

Powering off or suspending the stretched routed vApp in the public vCloud where the SSL VPN tunnel terminates

Resetting the stretched routed vApp network where the SSL VPN tunnel terminates

The host or the cluster in which the stretched routed vApp is deployed fails.

Manually disabling the SSL VPN tunnel at the source or destination from vShield Manager

For any of the above scenarios, after you fix the problem, vCloud Connector will automatically reconnect the SSL VPN tunnel in approximately 2 minutes. If the tunnel is not reconnected, follow the instructions below to manually reset the tunnel.

Note

In the following scenarios, the SSL VPN tunnel can never be reconnected.

Changing the description of the SSL VPN tunnel object at the source or destination manually from vShield Manager

Deleting the SSL VPN tunnel object at the source or destination manually from vShield Manager

Creating another SSL VPN tunnel object at the source or destination manually from vShield Manager

Disconnecting the interface of the vShield Edge where the SSL VPN tunnel originates or terminates manually from vShield Manager

1

Log in to the vShield Manager that is associated with your private datacenter using administrator credentials.

2

Select your datacenter in the left panel.

3

Click the Network Virtualization tab, then click the Edges tab.

4

Double-click the vShield Edge where the SSL VPN tunnel is originating, then click the VPN tab.

5

Click Disable, then click Publish Changes.

6

Click Enable, then click Publish Changes.

7

Refresh the SSL VPN tunnel object table and verify that the Channel Status column displays a green check mark.

8

Log out of vShield Manager.