How to create a s2s vpn tunnel in vCloud Director

How to create a s2s vpn tunnel in vCloud Director
Prerequisites to this guide:

• How to Create an Organization Network

• How to create a firewall rule

1. Login to Copaco VMware Cloud

   

2. When logged in to the Copaco VMware cloud environment go to: Networking -> Edges -> select the edge -> configure services

   

3. In the "Edge Gateway Settings" go to the VPN -> IPsec VPN -> menu and enable the "IPsec VPN service" by toggle it to the right

   

4. When the "IPsec VPN Service Status" is enabled go to "IPsec VPN sites"

   

5. In the "IPsec VPN sites" menu click on the "+" sign

   

6. The "Add IPsec VPN" configuration wizard opens. Enable the configuration by toggle the "Enable option" to the right. There are some required fields that needs to configure. Here we will describe what you need to fill in:

   

   • Name: Here you can enter a name for the VPN tunnel

   • Local ID: This is the IP Address of your Edge Gateway in VMware cloud

   You can find it here: Networking -> Edges -> Edge Gateway Settings

   

   • Local Endpoint: This is the same Address as you used for the Local ID

   • Local Subnet: This the private subnet that you have defined for your VMware cloud network

   
   You can find it here: Networking -> Networks -> select your network -> Check the Network gateway address and replace the last octed 254/24 with 0/24. (For example 192.168.2.254/24 should be 192.168.2.0/254)

   

   • Peer ID: This is the IP address of the On-premise firewall

   • Peer Endpoint: This is the same address as you used for the peer id

   • Peer Subnet: This is the subnet that you use in your on-premise environment

   • Encryption Algorithm: Here you can define which Algorithm you want to use. We support AES, AES256, AES-GCM, 3DES. (which algorithm you need to use depends on your on-premise firewall model)

   • Authentication: Here you can choose which authentication method you want to use; PSK or certificate. ( make sure that you use the same method on both sides.)

   • Pre-Shared key: Here you need to define a pre shared key (make sure that you use the same PSK on both sides.

   • Diffle-Hellman Group: Here you can define which DH group you want to use. We support DH5, DH 14, DH 15 and DH16. ( which algorithm you need to use depends on your on-premise firewall model)

   

   
   When you have filled in all the information click on the KEEP button

   At this point you need to configure the On-premise side. You need to use the following settings:

    

   Phase 1:

   > IKE Version: Ikev1

   > Authentication Algorithm: sha1

   > SA Lifetime: 28800 seconds

    

   Phase 2:

    > Authentication Algorithm: sha1

   > SA Lifetime: 3600 seconds

    
   These settings are static; we cannot modify them.