To allow external is able to access workloads hosted on ACVS, you need to configure Destination NAT rule to translate public IP to your internal workload IP . The workload IP runs on NSX logical segment. As illustrated in diagram that workloads or virtual machines are connected to VPC before the traffics are being routed…