How to create a s2s vpn tunnel in vCloud Director
Prerequisites to this guide:
Login to Copaco VMware Cloud
When logged in to the Copaco VMware Cloud environment, go to: Networking -> Edges -> select the edge -> Configure Services
In the "Edge Gateway Settings" go to the VPN -> IPsec VPN menu and enable the "IPsec VPN Service" by toggling it to the right
When the "IPsec VPN Service Status" is enabled, go to "IPsec VPN Sites"
In the "IPsec VPN Sites" menu click on the "+" sign
The "Add IPsec VPN" configuration wizard opens. Enable the configuration by toggling the "Enabled" option to the right. There are some required fields that need to be configured. Here we describe what you need to fill in:
Name: Here you can enter a name for the VPN tunnel
Local ID: This is the IP Address of your Edge Gateway in VMware cloud
You can find it here: Networking -> Edges -> Edge Gateway Settings
Local Endpoint: This is the same Address as you used for the Local ID
Local Subnet: This is the private subnet that you have defined for your VMware cloud network
You can find it here: Networking -> Networks -> select your network -> check the network gateway address and replace the last octet 254/24 with 0/24. (For example 192.168.2.254/24 should be 192.168.2.0/24)
Peer ID: This is the IP address of the on-premise firewall
Peer Endpoint: This is the same address as you used for the peer id
Peer Subnet: This is the subnet that you use in your on-premise environment
Encryption Algorithm: Here you can define which algorithm you want to use. We support AES, AES256, AES-GCM and 3DES. (Which algorithm you need to use depends on your on-premise firewall model.)
Authentication: Here you can choose which authentication method you want to use: PSK or certificate. (Make sure that you use the same method on both sides.)
Pre-Shared Key: Here you need to define a pre-shared key. (Make sure that you use the same PSK on both sides.)
Diffie-Hellman Group: Here you can define which DH group you want to use. We support DH5, DH14, DH15 and DH16. (Which group you need to use depends on your on-premise firewall model.)
When you have filled in all the information, click on the KEEP button.
At this point you need to configure the on-premise side. You need to use the following settings:
Phase 1:
> IKE Version: IKEv1
> Authentication Algorithm: sha1
> SA Lifetime: 28800 seconds
Phase 2:
> Authentication Algorithm: sha1
> SA Lifetime: 3600 seconds
These settings are static; we cannot modify them.
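The following is an added example, not part of the Copaco guide. It shows how to derive the Local Subnet value from the network gateway address (for any prefix length, not only /24), check the chosen wizard values against the options the guide lists, and render the matching on-premise configuration for the fixed IKEv1/SHA1/lifetime settings above. It assumes the on-premise device runs strongSwan (the guide does not name a firewall; any IKEv1-capable device works the same way); all IP addresses, subnets and the PSK are constructed placeholders.

```python
"""Added example (not from the Copaco guide): derive the vCloud Director
wizard values and render a matching on-premise strongSwan swanctl.conf.

Assumption: the on-premise firewall is strongSwan. All addresses and the
PSK below are constructed placeholders, not real endpoints.
"""
import ipaddress

# Options the guide says are selectable in the vCloud Director wizard,
# mapped to strongSwan algorithm names.
SUPPORTED_ENCRYPTION = {"AES": "aes128", "AES256": "aes256",
                        "AES-GCM": "aes128gcm16", "3DES": "3des"}
SUPPORTED_DH = {"DH5": "modp1536", "DH14": "modp2048",
                "DH15": "modp3072", "DH16": "modp4096"}
AEAD = {"AES-GCM"}  # AEAD ciphers carry their own integrity check

# Values the guide says are static on the vCloud side.
FIXED = {"ike_version": 1, "auth_alg": "sha1",
         "ike_lifetime": 28800, "esp_lifetime": 3600}

# Constructed example input (documentation addresses, placeholder PSK).
EXAMPLE = {
    "local_endpoint": "198.51.100.20",   # vCloud edge gateway (Local ID)
    "local_gateway": "192.168.2.254/24",  # vCloud network gateway address
    "peer_endpoint": "203.0.113.10",     # on-premise firewall (Peer ID)
    "peer_subnet": "10.10.0.0/24",       # on-premise LAN
    "encryption": "AES256",
    "dh_group": "DH14",
    "psk": "CONSTRUCTED-PLACEHOLDER-PSK-change-me",
}


def local_subnet_from_gateway(gateway_cidr: str) -> str:
    """Turn the network gateway address (e.g. 192.168.2.254/24) into the
    network address the wizard expects (192.168.2.0/24)."""
    return str(ipaddress.ip_network(gateway_cidr, strict=False))


def validate(s: dict) -> list:
    """Return a list of problems; an empty list means the values are usable."""
    problems = []
    if s["encryption"] not in SUPPORTED_ENCRYPTION:
        problems.append(f"unsupported encryption {s['encryption']}")
    if s["dh_group"] not in SUPPORTED_DH:
        problems.append(f"unsupported DH group {s['dh_group']}")
    if not s["psk"]:
        problems.append("PSK must be set (and identical on both sides)")
    for key in ("local_endpoint", "peer_endpoint"):
        ipaddress.ip_address(s[key])  # raises ValueError on a bad address
    return problems


def proposals(s: dict) -> tuple:
    """Build the IKE and ESP proposal strings from the wizard choices."""
    enc = SUPPORTED_ENCRYPTION[s["encryption"]]
    dh = SUPPORTED_DH[s["dh_group"]]
    auth = FIXED["auth_alg"]
    if s["encryption"] in AEAD:
        # IKE still needs a PRF; ESP needs no separate integrity algorithm.
        return f"{enc}-prf{auth}-{dh}", f"{enc}-{dh}"
    return f"{enc}-{auth}-{dh}", f"{enc}-{auth}-{dh}"


def render_swanctl(s: dict) -> str:
    """Render the on-premise side. Note the perspective swap: what the
    vCloud wizard calls Local is the on-premise box's remote peer.
    strongSwan rekeys at rekey_time and expires shortly after, so the
    guide's SA lifetimes are used as the rekey interval."""
    ike_prop, esp_prop = proposals(s)
    local_subnet = local_subnet_from_gateway(s["local_gateway"])
    return f"""connections {{
    vcloud {{
        version = {FIXED['ike_version']}
        local_addrs = {s['peer_endpoint']}
        remote_addrs = {s['local_endpoint']}
        proposals = {ike_prop}
        rekey_time = {FIXED['ike_lifetime']}s
        local {{
            auth = psk
            id = {s['peer_endpoint']}
        }}
        remote {{
            auth = psk
            id = {s['local_endpoint']}
        }}
        children {{
            vcloud-net {{
                local_ts = {s['peer_subnet']}
                remote_ts = {local_subnet}
                esp_proposals = {esp_prop}
                rekey_time = {FIXED['esp_lifetime']}s
                start_action = start
            }}
        }}
    }}
}}
secrets {{
    ike-vcloud {{
        id-1 = {s['peer_endpoint']}
        id-2 = {s['local_endpoint']}
        secret = "{s['psk']}"
    }}
}}
"""


if __name__ == "__main__":
    assert validate(EXAMPLE) == []
    print(render_swanctl(EXAMPLE))
```

Running the script prints a swanctl.conf fragment for /etc/swanctl/conf.d/ on the on-premise side; check the Local/Peer swap and the fixed phase 1 and phase 2 values against the table above before loading it with swanctl --load-all.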