Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

 

To enable a IPSec VPN on your VMware VDC : 

1. Go to your vCloud Director 

2. Go to "Edge" > "Configure Services

 

3. Go to "VPN" tab and enable "IPSec VPN Service Status"

 

4. Go to "IPSec VPN Sites" and click "+"

 

5. You will see IPSec VPN Configuration form 

 

6. You can fill the form with your IPSec VPN Configuration (*)

 

7. You can add Local Subnet IP & Peer Subnet IP on Firewall configuration the IP should be added back and forth

 

VPN Settings (*)

 

Field 

Description 

Required 

Options/Example 

Enable VPN 

Ensure that this is Enabled. 

Yes 

 On / Off 

Perfect Forward Security 

Ensure that this is enabled. PFS will ensure the same key will not be generated again, so forcing a new diffie-hellman key exchange 

Yes 

 On / Off 

Encryption Algorithm 

The Encryption Protocol reflects what is configured on the remote site VPN device 

 Yes 

 AES-256, AES, 3DES 

DH Group 

The cryptography scheme that will allow the peer site and the NSX Edge to establish a shared secret over an insecure communications channel. 

Yes 

 DH2, DH5 

Name 

 Enter the name of the VPN tunnel 

Yes 

 e.g. VPN1 

Local ID 

 This is used to describe the Local Endpoint. Generally the Local Public IP is used. 

Yes 

e.g. 119.252.17.1 

Local IP 

 Select the Uplink Interface IP of the Edge Gateway. (Available on the ?Overview? tab of the VDC) 

Yes 

e.g. 119.252.17.1 

Local Subnets 

Enter the network(s) you want to designate as the internal network for the VPN. Subnets should be entered in CIDR format with comma as a separator. 

Yes 

e.g. 192.168.1.0/24, 192.168.2.0/24 

Peer ID 

 This is used to describe the Remote Endpoint. Generally the Remote Public IP is used. 

Yes 

e.g. 1.1.1.1 

Peer IP 

 Enter the Public IP address (outside) of the remote device with which you are establishing the VPN. 

Yes 

e.g. 1.1.1.1 

Peer Subnets 

Enter the network(s) you want to designate as the remote network for the VPN. Subnets should be entered in CIDR format with comma as a separator. 

Yes 

 e.g. 10.0.1.0/24 

Pre-Shared Key 

 Indicates that the secret key shared between NSX Edge and the peer site is to be used for authentication. The secret key can be a string with a maximum length of 128 bytes. 

Yes 

 MySecretKey1234 

Extension 

securelocaltrafficbyip=IPAddress to re-direct Edge?s local traffic over the IPSec VPN tunnel. This is the default value 
passthroughSubnets=PeerSubnetIPAddress to support overlapping subnets 

No 

securelocaltrafficbyip= 

  

passthroughSubnets= 

 
 

 

 

 

  • No labels