To enable an IPSec VPN on your VMware VDC:

1. Go to your vCloud Director 

2. Go to "Edge" > "Configure Services"

3. Go to "VPN" tab and enable "IPSec VPN Service Status"

4. Go to "IPSec VPN Sites" and click "+"

5. You will see the IPSec VPN Configuration form

6. You can fill the form with your IPSec VPN Configuration (*)

7. You can add the Local Subnet IP and Peer Subnet IP to the Firewall configuration. The IPs should be added in both directions (local to peer and peer to local).

VPN Settings (*)

| Field | Description | Required | Options/Example |
|---|---|---|---|
| Enable VPN | Ensure that this is enabled. | Yes | On / Off |
| Perfect Forward Security | Ensure that this is enabled. PFS ensures that the same key will not be generated again, forcing a new Diffie-Hellman key exchange. | Yes | On / Off |
| Encryption Algorithm | The encryption protocol must reflect what is configured on the remote site VPN device. | Yes | AES-256, AES, 3DES |
| DH Group | The cryptography scheme that allows the peer site and the NSX Edge to establish a shared secret over an insecure communications channel. | Yes | DH2, DH5, DH14, DH15, DH16 |
| Name | Enter the name of the VPN tunnel. | Yes | e.g. VPN1 |
| Local ID | This is used to describe the Local Endpoint. Generally the Local Public IP is used. | Yes | e.g. 119.252.17.1 |
| Local IP | Select the Uplink Interface IP of the Edge Gateway. (Available on the "Overview" tab of the VDC) | Yes | e.g. 119.252.17.1 |
| Local Subnets | Enter the network(s) you want to designate as the internal network for the VPN. Subnets should be entered in CIDR format with a comma as the separator. | Yes | e.g. 192.168.1.0/24, 192.168.2.0/24 |
| Peer ID | This is used to describe the Remote Endpoint. Generally the Remote Public IP is used. | Yes | e.g. 1.1.1.1 |
| Peer IP | Enter the Public IP address (outside) of the remote device with which you are establishing the VPN. | Yes | e.g. 1.1.1.1 |
| Peer Subnets | Enter the network(s) you want to designate as the remote network for the VPN. Subnets should be entered in CIDR format with a comma as the separator. | Yes | e.g. 10.0.1.0/24 |
| Pre-Shared Key | Indicates that the secret key shared between NSX Edge and the peer site is to be used for authentication. The secret key can be a string with a maximum length of 128 bytes. | Yes | MySecretKey1234 |
| Extension | securelocaltrafficbyip=IPAddress to redirect the Edge's local traffic over the IPSec VPN tunnel (this is the default value); passthroughSubnets=PeerSubnetIPAddress to support overlapping subnets | No | securelocaltrafficbyip= ; passthroughSubnets= |
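A pre-flight check of the values from the VPN Settings table before they are entered in the form, as an added example that is not part of the original page or of VMware's tooling. The dict layout and key names are hypothetical, and treating 3DES, DH2, DH5 and keys shorter than 20 bytes as findings is this example's own policy, not a rule stated on the page.

```python
import ipaddress

# Policy chosen for this example, not stated on the page: options the form
# offers that current guidance treats as weak, and a minimum key length.
WEAK_ENCRYPTION = {"3DES"}
WEAK_DH_GROUPS = {"DH2", "DH5"}
MIN_PSK_BYTES = 20
MAX_PSK_BYTES = 128  # limit from the Pre-Shared Key row

def parse_subnets(field):
    """Parse the comma-separated CIDR list used by the subnet fields."""
    return [ipaddress.ip_network(s.strip()) for s in field.split(",") if s.strip()]

def check_site(cfg):
    """Return a list of findings for one IPSec VPN site (hypothetical dict layout)."""
    findings = []
    if not cfg["pfs"]:
        findings.append("Perfect Forward Security is off")
    if cfg["encryption"] in WEAK_ENCRYPTION:
        findings.append(f"weak encryption algorithm: {cfg['encryption']}")
    if cfg["dh_group"] in WEAK_DH_GROUPS:
        findings.append(f"weak DH group: {cfg['dh_group']}")
    psk_len = len(cfg["psk"].encode("utf-8"))
    if not MIN_PSK_BYTES <= psk_len <= MAX_PSK_BYTES:
        findings.append(f"pre-shared key length {psk_len} bytes is out of range")
    try:
        local = parse_subnets(cfg["local_subnets"])
        peer = parse_subnets(cfg["peer_subnets"])
    except ValueError as exc:  # not CIDR, or host bits set (e.g. 10.0.1.5/24)
        findings.append(f"invalid subnet: {exc}")
        return findings
    # Overlapping local/peer subnets need the passthroughSubnets extension.
    if "passthroughSubnets=" not in cfg.get("extension", ""):
        findings += [f"local {l} overlaps peer {p}"
                     for l in local for p in peer if l.overlaps(p)]
    return findings

# Constructed sample input, based on the example values in the table.
SAMPLE_WEAK = {"pfs": False, "encryption": "3DES", "dh_group": "DH2",
               "psk": "MySecretKey1234", "extension": "",
               "local_subnets": "192.168.1.0/24, 192.168.2.0/24",
               "peer_subnets": "192.168.2.128/25"}
SAMPLE_OK = dict(SAMPLE_WEAK, pfs=True, encryption="AES-256", dh_group="DH14",
                 psk="constructed-placeholder-key-0123456789",
                 peer_subnets="10.0.1.0/24")

if __name__ == "__main__":
    for name, cfg in (("weak", SAMPLE_WEAK), ("ok", SAMPLE_OK)):
        print(name, check_site(cfg))
```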