How to create an IPsec tunnel NSX-V <=> NSX-V (vCloud)
Introduction
This is a working example of an IPsec tunnel between two NSX-V edges.
Side 1 is the vCloud edge of a vCloud tenant.
Side 2 is the CCB NSX-V edge on NLvc01.
The combination of encryption, authentication and digest settings (IKE, Diffie-Hellman group, ...) is important: both sides must use the same values.
See "How to create a s2s vpn tunnel in vCloud Director" for an explanation of the values.
IPSEC tunnel name | Tenant wan IP | Tenant lan subnet | CCB wan IP | CCB lan subnet |
---|---|---|---|---|
TF_monitoring | 185.105.202.33 | 10.0.1.96/27 | 5.172.216.45 | 10.38.18.0/24 |
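
Both edges must be configured with the same IKE/IPsec parameters and with mirrored endpoints and subnets. The Python check below is an added example, not part of the original procedure or of NSX; it compares the two site definitions before they are entered in the edges. The dictionary key names, the algorithm values and the pre-shared key are constructed placeholders; only the endpoints and subnets come from the TF_monitoring row.

```python
from ipaddress import ip_address, ip_network

# Parameters that must be identical on both edges. Key names are hypothetical.
MUST_MATCH = ("ike_version", "encryption", "digest", "dh_group", "pfs", "psk")

def nets(values):
    """Normalise subnet strings so stray whitespace does not cause a false mismatch."""
    return {ip_network(v.strip()) for v in values}

def check_mirror(a, b):
    """Return a list of findings; an empty list means the two sites mirror each other."""
    findings = []
    for key in MUST_MATCH:
        if a[key] != b[key]:
            # Never echo the pre-shared key itself into output or logs.
            detail = "values differ" if key == "psk" else f"{a[key]} vs {b[key]}"
            findings.append(f"{key}: {detail}")
    # Each side's local endpoint/subnets must be the other side's peer endpoint/subnets.
    for x, y in ((a, b), (b, a)):
        if ip_address(x["local_endpoint"]) != ip_address(y["peer_endpoint"]):
            findings.append(f"{x['name']} local endpoint is not {y['name']} peer endpoint")
        if nets(x["local_subnets"]) != nets(y["peer_subnets"]):
            findings.append(f"{x['name']} local subnets are not {y['name']} peer subnets")
    return findings

# Endpoints and subnets: from the TF_monitoring row. Everything else: constructed.
COMMON = {"ike_version": "IKEv2", "encryption": "AES256", "digest": "SHA256",
          "dh_group": "DH14", "pfs": True, "psk": "CONSTRUCTED-PLACEHOLDER"}
TENANT = dict(COMMON, name="tenant",
              local_endpoint="185.105.202.33", local_subnets=["10.0.1.96/27"],
              peer_endpoint="5.172.216.45", peer_subnets=["10.38.18.0/24"])
CCB = dict(COMMON, name="ccb",
           local_endpoint="5.172.216.45", local_subnets=["10.38.18.0/24"],
           peer_endpoint="185.105.202.33", peer_subnets=["10.0.1.96/27"])

if __name__ == "__main__":
    for finding in check_mirror(TENANT, CCB) or ["both sides mirror each other"]:
        print(finding)
```

An empty result means the definitions are consistent; any finding points at the field to correct before saving the site on the edge.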
Procedure
Side 1 configuration: vCloud tenant side
IPsec configuration

Enable the IPsec VPN Service status.

Add an IPsec VPN site.


Firewall configuration
Add an additional VPN rule to allow traffic initiated from the remote site (the central site in this case).

You will need another rule for traffic initiated from the local site.
Side 2 configuration: NSX-V CCB side
The CCB edge is located on https://nlvc01.mgmt.cloudnet.services
IPsec configuration


Add a new IPsec VPN site in CCB-NSX-EDGE01.



Click Save.
Firewall configuration
A general rule has already been created for traffic initiated from the local site.

Check the tunnel status

Click Show statistics.

- Enabled is green.
- 1 tunnel is up, 0 tunnels are down.
The tunnel is OK.