The platform enables you to create VPNs between virtual datacenter networks, and other entities. These VPNs use the IPsec framework.
To work with VPNs, go to Virtual datacenters → select a Virtual datacenter → Network → VPN
Initial support for VPNs requires you to create a VPN entity for each side of a VPN that connects to virtual datacenter network. Both sides of a VPN must have the same encryption and authentication settings, as well as the inverse local and remote network configurations.
It may be helpful to complete this table to record your network values before you create your VPN:
| VDC name | VDC1 | VDC2 |
|---|---|---|
| VPN entity name | ||
NAT IP | ||
| Private networks |
For example:
| VDC name | VDC1 | VDC2 |
|---|---|---|
| VPN entity name | axsdTOaxsd2 | axsd2TOaxsd |
NAT IP | 10.200.100.8 | 10.200.100.23 |
| Private networks |
|
|
To work with VPNs from private cloud to public cloud, define the VPN entity in private cloud first.
.
| AWS | VMware NSX | |
|---|---|---|
| Encryption | AES | AES, AES256, Triple DES, AES-GCM |
| Perfect forward secrecy enabled | mandatory | optional |
| DH group | DH2 | DH2, DH5, DH14 |
| Authentication | PSK (mandatory) | PSK (mandatory) |
To create a VPN entity
- Go to Virtual datacenters → select a Virtual datacenter → Network → VPN
- Click the + Add button and enter the VPN details
The platform will create the VPN entity for the first side of the VPN.
If the other side of the VPN will be in another VDC in the cloud, select the other VDC, then add another VPN entity using the remote network configuration of the first VPN as the local values.
So in this example, the local network endpoint for the second VPN entity would be 10.200.100.23 and the local network would be 192.168.200.0/24. The remote endpoint would be 10.200.100.8 and the remote network would be 192.168.0.0/24.
After you have created both sides of the VPN, on the VPNs tab, to check the connection in the network virtualization system, click the Check link in the VPN Status column, or when you edit the VPN.