Versions Compared

Old Version 26

changes.mady.by.user Lou M

Saved on

compared with

New Version 27

changes.mady.by.user Lou M

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The platform enables you to create site-to-site VPNs between virtual datacenters and other virtual datacenters or other entities. 

This feature is available in datacenters using VMware with NSX-NAT or NSX-gateway.

To manage VPNs, go to Virtual datacenters → select a virtual datacenter → Network → VPN

VPNs in virtual datacenter viewImage Modified

Initial support for VPNs is per VDC, which means you need to create a separate VPN site for each connected virtual datacenter. Both sites of a VPN must have the same encryption and authentication settings, and inverse local and remote network configurations.

The following table describes VPN functionality in the providers.

AWS

VMware NSX

Azure

Encryption

AES

AES, AES256, Triple DES, AES-GCM

AES128_SHA1, AES128_SHA256, AES256_SHA1,
AES256_SHA256, _3DES_SHA1, _3DES_SHA256

Perfect forward secrecy enabled

always enabled

optional

always disabled

DH group

DH2

DH2, DH5, DH14

DH2, DH14

Authentication

PSK (mandatory)

PSK (mandatory)

PSK (mandatory)

To connect private cloud with public cloud, define the VPN site in private cloud first. 

Tip

  • In Azure you can create a VPN using a dummy address for the local gateway (site 1) and edit it after you create the Azure VPN site

  • Azure may automatically select a compatible encryption type

  • In AWS you must supply the IP address of site 1 and you cannot edit it, so you must create site 1 first and the VPN site in AWS will always be site 2

To create the VPN site for site1:

  1. Go to Virtual datacenters → select a virtual datacenter → Network → VPN

  2. Click the + add button and enter the VPN details

The platform will create the VPN site.

Image RemovedImage RemovedCreate VPN (part 1)Image AddedCreate VPN (part 2)Image Added
Expand
titleClick here to display details of create a VPN

Button

Action

Name

Name of the VPN

Encryption algorithm

Select the encryption algorithm

Perfect forward secrecy enabled

Select to enable perfect forward secrecy to protect your session keys

DH group

Diffie-Hellman group for the VPN

Authentication

Select for PSK authentication. PSK or Preshared key authentication may be mandatory in some providers

Preshared key

Enter preshared key to use for this session. Click the link beside the text entry box to show or hide the value of the key.
For AWS the PSK must be alphanumeric or "." or"_", between 8 and 64 characters, and cannot start with 0.

Local endpoint

NAT IP in the VDC or an automatically generated address in public cloud

Local networks

Select VDC networks. We recommend that you do not use the default private network addresses for both sides of a VPN

Remote endpoint

NAT IP in the remote VDC

Remote networks

Add network addresses using CIDR notation. Click x beside a network to remove it from the VPN configuration

To create the VPN site for site2 in another VDC:

  1. Select the Virtual datacenter

  2. Add another VPN site using the same encryption and authentication settings, and the remote network configuration of the first VPN site as the local values. 

After you have created both VPN sites, on the VPNs tab, to check the connection in the network virtualization system, click the Check link in the VPN Status column, or when you edit a VPN site.