Info

This page describes how to use the VPN feature that enables you to create site-to-site VPNs between virtual datacenters and other virtual datacenters, or other entities. 

For details of the VPN feature and how to configure it for specific providers, see:

This feature is available in datacenters:

  • Using VMware with NSX-V (and the NSX-NAT or NSX-gateway plugin)

  • Using VMware with NSX-T (requires NAT IPs as endpoints)

  • AWS

  • Azure

To manage VPNs:

  1. Go to myCloud view → Virtual datacenters

  2. Select a virtual datacenter

  3. Go to Network → VPN

...

Support for VPNs is per VDC, which means you need to create a separate VPN site for each connected virtual datacenter. Both sites of a VPN must have the same encryption and authentication settings, and inverse local and remote network configurations.

...

Tip
  • In Azure you can create a VPN using a dummy placeholder address for the local gateway (site 1) and edit it after you create the Azure VPN site

  • In NSX-T you can delete and re-create a site instead of editing it

  • Azure may automatically select a compatible encryption type

  • In AWS you must supply the IP address of site 1 and you cannot edit it, so you must create site 1 first and the VPN site in AWS will always be site 2

To create a VPN site in a virtual datacenter:

  1. We recommend that you check that the private networks for your VPN sites (local and remote) have different IP address ranges. If necessary, create a new private network. You may also decide to make it the default network for the virtual datacenter. See Manage networks

  2. In NSX-T, for the VPN endpoint, obtain a NAT IP for the virtual datacenter.
    You don’t need to create any NAT rules to create a VPN. Tip: check if your provider allows SNAT and DNAT traffic to VMs in the VDC from the internet or from IP/network addresses or NSX-T groups.
    For more details see Manage NAT for virtual datacenters

  3. Create a firewall to allow traffic to the VMs in your VPN. See Manage firewalls

  4. Obtain the values of the remote endpoint and network. They don’t need to exist when you create the VPN, but if you need to change them, you will need to delete the site and recreate it.

  5. Go to myCloud view → Virtual datacenters and select a virtual datacenter

  6. Go to Networks → VPN

  7. To create the VPN site, click the + add button and enter the VPN details. For full details see the Create VPN reference table below

  8. Go to your other VDC or provider and create the remote VPN site.

...

To create the VPN site for site2 in another VDC:

  1. Select the virtual datacenter

  2. Add another VPN site using the same encryption and authentication settings, and the remote network configuration of the first VPN site as the local values. 
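
Before you create the two sites, you can check the planned values against the rules above: same encryption and authentication settings, inverse local and remote values, and different IP address ranges for the local and remote private networks. The following Python sketch is an added example, not part of the platform or its API; the dictionary keys and the sample values are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample sites; key names and values are assumptions, not the platform's API.
SITE1 = {
    "encryption": "aes-256", "authentication": "sha-256",
    "local_endpoint": "203.0.113.10", "remote_endpoint": "198.51.100.20",
    "local_networks": ["10.10.0.0/24"], "remote_networks": ["10.20.0.0/24"],
}
SITE2 = {
    "encryption": "aes-256", "authentication": "sha-256",
    "local_endpoint": "198.51.100.20", "remote_endpoint": "203.0.113.10",
    "local_networks": ["10.20.0.0/24"], "remote_networks": ["10.10.0.0/24"],
}

# Settings that must be identical on both sites.
MUST_MATCH = ("encryption", "authentication")


def check_vpn_pair(site1, site2, must_match=MUST_MATCH):
    """Return a list of problems; an empty list means the two sites are consistent."""
    problems = []

    # Both sites must use the same encryption and authentication settings.
    for key in must_match:
        if site1.get(key) != site2.get(key):
            problems.append(f"{key} differs: {site1.get(key)!r} vs {site2.get(key)!r}")

    # Local and remote values must be inverse: one site's local is the other's remote.
    for a, b, label in ((site1, site2, "site1 local / site2 remote"),
                        (site2, site1, "site2 local / site1 remote")):
        if ip_address(a["local_endpoint"]) != ip_address(b["remote_endpoint"]):
            problems.append(f"endpoint mismatch ({label})")
        # Compare parsed networks as sets so that ordering does not matter.
        local = {ip_network(n) for n in a["local_networks"]}
        remote = {ip_network(n) for n in b["remote_networks"]}
        if local != remote:
            problems.append(f"network mismatch ({label})")

    # The local and remote private networks of a site must not share address space.
    for site, name in ((site1, "site1"), (site2, "site2")):
        for loc in site["local_networks"]:
            for rem in site["remote_networks"]:
                if ip_network(loc).overlaps(ip_network(rem)):
                    problems.append(f"{name}: local {loc} overlaps remote {rem}")
    return problems


if __name__ == "__main__":
    print(check_vpn_pair(SITE1, SITE2) or "sites are consistent")
```
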

To check the status of your VPN in a virtual datacenter:

  1. Go to myCloud → Virtual datacenters → select the virtual datacenter

  2. Go to Networks → VPN

  3. Beside the VPN details, click Check

Create VPN reference table

...