Overview
This article will guide you through configuring an L2 VPN on the NSX Edge Gateway managing your DR environment.
Navigate to the L2 VPN Screen
- Open Edge Gateway Services.
- From the top navigation bar, select Resources, and click the Cloud Resources tab.
- In the left panel, click Edge Gateways.
- Click the radio button next to the name of the target edge gateway, and click Services.
- Navigate to .
Configure the Edge Gateway as an L2 VPN Server
- On the L2 VPN tab, select Server for the L2 VPN mode.
On the Server Global tab, configure the L2 VPN server's global configuration details.
| Option | Action |
|---|---|
| Listener IP | Select the primary or secondary IP address of an external interface of the edge gateway. |
| Listener Port | Edit the displayed value as appropriate for the needs of your organization. The default port for the L2 VPN service is 443. |
| Encryption Algorithm | Select the encryption algorithm for the communication between the server and the client. |
| Service Certificate Details | Click Change server certificate to select the certificate to be bound to the L2 VPN server. In the Change Server Certificate window, turn on Validate Server Certificate, select a server certificate from the list, and click OK. |
- To configure the peer sites, click the Server Sites tab.
- Click the Add button.
Configure the settings for an L2 VPN peer site.
| Option | Action |
|---|---|
| Enabled | Enable this peer site. |
| Name | Enter a unique name for the peer site. |
| Description | (Optional) Type a description. |
| User ID, Password, Confirm Password | Enter the user name and password with which the peer site is to be authenticated. User credentials on the peer site must be the same as the credentials on the client side. |
| Stretched Interfaces | Select at least one subinterface to be stretched with the client. The subinterfaces available for selection are those organization virtual data center networks configured as subinterfaces on the edge gateway. |
| Egress Optimization Gateway Address | (Optional) If the default gateway for virtual machines is the same across the two sites, enter the gateway IP addresses of the subinterfaces for which you want the traffic locally routed or blocked over the L2 VPN tunnel. |

- Click Keep.
- Click Save Changes.
Configure the Edge Gateway as an L2 VPN Client
- On the L2 VPN tab, select Client for the L2 VPN mode.
On the Client Global tab, configure the global configuration details of the L2 VPN client.
| Option | Description |
|---|---|
| Server Address | Enter the IP address of the L2 VPN server to which this client is to be connected. |
| Server Port | Enter the L2 VPN server port to which the client should connect. The default port is 443. |
| Encryption Algorithm | Select the encryption algorithm for communicating with the server. |
| Stretched Interfaces | Select the subinterfaces to be stretched to the server. The subinterfaces available to select are the organization's virtual data center networks configured as subinterfaces on the edge gateway. |
| Egress Optimization Gateway Address | (Optional) If the default gateway for virtual machines is the same across the two sites, type the gateway IP addresses of the subinterfaces or the IP addresses to which traffic should not flow over the tunnel. |
| User Details | Enter the user ID and password for authentication with the server. |

- Click Save Changes.
- (Optional) To configure advanced options, click the Client Advanced tab.
If this L2 VPN client edge does not have direct access to the Internet and must reach the L2 VPN server edge by using a proxy server, specify the proxy settings.
| Option | Description |
|---|---|
| Enable Secure Proxy | Select to enable the secure proxy. |
| Address | Enter the proxy server IP address. |
| Port | Enter the proxy server port. |
| User Name, Password | Enter the proxy server authentication credentials. |

- To enable server certificate validation, click Change CA certificate and select the appropriate CA certificate.
- Click Save Changes.
Enable the L2 VPN Service
- On the L2 VPN tab, click the Enable toggle.
- Click Save Changes.
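The server and client settings above have to agree with each other (address, port, credentials), and certificate validation is opt-in on both sides. The following pre-flight check is an added example, not part of the original article or of any NSX tooling. The dictionary field names are hypothetical and do not follow an NSX API schema, the sample values are constructed, and treating an encryption algorithm mismatch as an error is an assumption.

```python
import hmac

def check_l2vpn_pair(server, client):
    """Return findings for a server/client settings pair (empty list = consistent)."""
    findings = []
    if client["server_address"] != server["listener_ip"]:
        findings.append("Server Address does not match Listener IP")
    if client["server_port"] != server["listener_port"]:
        findings.append("Server Port does not match Listener Port")
    # Assumption: both ends must select the same algorithm.
    if client["encryption_algorithm"] != server["encryption_algorithm"]:
        findings.append("Encryption Algorithm differs between server and client")
    # Find the peer site the client would authenticate as.
    site = next((s for s in server["sites"] if s["user_id"] == client["user_id"]), None)
    if site is None:
        findings.append("no peer site uses the client's User ID")
    else:
        if not site["enabled"]:
            findings.append("peer site is not enabled")
        # Constant-time comparison of the two configured secrets.
        if not hmac.compare_digest(site["password"].encode(), client["password"].encode()):
            findings.append("Password differs between peer site and client")
        if not site["stretched_interfaces"]:
            findings.append("peer site has no stretched subinterface")
    if not server["validate_server_certificate"]:
        findings.append("Validate Server Certificate is off")
    if not client["ca_certificate"]:
        findings.append("client has no CA certificate selected")
    return findings

# Constructed sample values (documentation IP range, placeholder secrets).
SERVER = {
    "listener_ip": "203.0.113.10", "listener_port": 443,
    "encryption_algorithm": "AES128-GCM-SHA256",
    "validate_server_certificate": True,
    "sites": [{"name": "dr-site", "enabled": True, "user_id": "l2vpn-dr",
               "password": "EXAMPLE-ONLY", "stretched_interfaces": ["net-app"]}],
}
CLIENT = {
    "server_address": "203.0.113.10", "server_port": 443,
    "encryption_algorithm": "AES128-GCM-SHA256",
    "user_id": "l2vpn-dr", "password": "EXAMPLE-ONLY",
    "stretched_interfaces": ["net-app"], "ca_certificate": "placeholder-ca",
}

if __name__ == "__main__":
    for finding in check_l2vpn_pair(SERVER, CLIENT) or ["consistent"]:
        print(finding)
```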