Virtual Data Center includes NSX Edge. One of the NSX Edge features is IPsec VPN. A client can have one or more VPN tunnels established on Zettagrid to many sites. The IPsec VPN uses policy-based IPsec VPN.
In a policy-based IPSec VPN, you explicitly configure the subnets behind the NSX Edge on the local site that require secure and encrypted communication with the remote subnets on the peer site. When the local IPSec VPN site originates traffic from unprotected local subnets to the protected remote subnets on the peer site, the traffic is dropped.
The local subnets behind an NSX Edge must have address ranges that do not overlap with the IP addresses on the peer VPN site. If the local and remote peers across an IPsec VPN tunnel have overlapping IP addresses, traffic forwarding across the tunnel might not be consistent.
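The two rules above (policy matching on configured subnets, and no overlap between local and peer ranges) can be checked before filling in the VPN form. This is an added Python sketch, not part of the original article or of NSX Edge; the subnets are constructed sample values, and the "no-policy" result for traffic that is not destined to the peer is an assumption of this model.

```python
import ipaddress

# Constructed sample values: subnets entered on each side of the tunnel.
LOCAL_SUBNETS = ["192.168.10.0/24", "192.168.20.0/24"]
PEER_SUBNETS = ["10.50.0.0/16"]


def find_overlaps(local_subnets, peer_subnets):
    """Return (local, peer) pairs whose address ranges overlap."""
    local = [ipaddress.ip_network(s) for s in local_subnets]
    peer = [ipaddress.ip_network(s) for s in peer_subnets]
    return [(str(l), str(p)) for l in local for p in peer if l.overlaps(p)]


def classify(src, dst, local_subnets, peer_subnets):
    """Model how a policy-based tunnel treats a packet leaving the local site.

    "encrypt"   : source is in a protected local subnet, destination is in a
                  protected peer subnet, so the policy matches.
    "drop"      : destination is a protected peer subnet but the source is
                  not in any protected local subnet.
    "no-policy" : destination is not behind the peer (model assumption:
                  the IPsec policy is not consulted for this traffic).
    """
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    in_local = any(src_ip in ipaddress.ip_network(s) for s in local_subnets)
    in_peer = any(dst_ip in ipaddress.ip_network(s) for s in peer_subnets)
    if not in_peer:
        return "no-policy"
    return "encrypt" if in_local else "drop"


if __name__ == "__main__":
    print("overlaps:", find_overlaps(LOCAL_SUBNETS, PEER_SUBNETS))
    # 192.168.30.5 is a local host whose subnet was never added to the policy.
    for src, dst in [("192.168.10.5", "10.50.1.1"),
                     ("192.168.30.5", "10.50.1.1"),
                     ("192.168.10.5", "203.0.113.9")]:
        print(src, "->", dst, classify(src, dst, LOCAL_SUBNETS, PEER_SUBNETS))
```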
You can deploy an NSX Edge agent behind a NAT device. In this deployment, the NAT device translates the VPN address of an NSX Edge instance to a publicly accessible address facing the Internet. Remote VPN sites use this public address to access the NSX Edge instance.
This article explains how to set up an IPsec VPN tunnel on the Zettagrid site, not on the on-premise site. The configuration made on the Zettagrid site must match the on-premise site. How to set up the tunnel on the on-premise site depends on the hardware used.
Before using this guide, please ensure the following:
- You have subscribed to Virtual Data Center and have access to vCloud Director
- You understand IPsec configuration
- You have a topology, or know what connection you want to establish
1. Go to your vCloud Director, then Edge > Services.
2. Next, select the Gateway name DC_XXXXXX.
3. Next, select Services.
4. Next, select VPN.
5. Enable “IPsec VPN Service Status”.
6. Next, click Save Changes.
7. Next, select IPsec VPN Sites.
8. Next, click “+”.
9. Fill in the form with your configuration and click Keep.
10. Next, click Save Changes to save the IPsec VPN configuration.