NSX-T: How to configure an IPSEC solution

1. IPSEC service should be created first to configure IPSec VPN further, once IPSEC service is created given in the IPSec VPN creation section, go to Local Endpoints menu under VPN.

2. Click on “ADD LOCAL ENDPOINT“.

3. Fill the “Name“, “IP Address“, and “Local ID” field for Local Endpoint.

4. In case you are using certificate based authentication then you may select certificate.

5. Click on “SAVE” to save the local Endpoint.

6. If you want to create custom profiles(IKE, IPSec, DPD) then go to Profiles Menu and choose the profile you want to create else if you want to use Default profiles then skip to Step 9.

7. Fill in the Name and Choose IKE Version, Encryption Algorithm, Digest Algorithm, Diffie-Hellman (The cryptography schemes that the peer site and the NSX Edge use to establish a shared secret over an insecure communications channel.) from the Drop Down list.

8. Enter “Security Association(SA)” Lifetime (seconds) if you want it different from Default and at last click on “SAVE“.

9. Now go to “IPSec Sessions“, then click “Policy Based” session if you want to create Policy Based IPSec Session, for “Route Based” session creation go to “Step 17“.

10. Fill in the “Name” for the IPSec session.

11. Select “VPN Service” which you created earlier.

12. Select “LocalEndpoint” which you created earlier.

13. Provide “Remote IP“, “Remote ID“, “Local Networks“, and “Remote Networks” IP/Subnet.

14. Enter “Pre-shared” Key value if Authentication Mode is PSK.

15. Under “Advanced Properties” You may choose the custom profiles you may have created or choose the default.

16. Verify the fields you have filled in and Click on “SAVE” to create the IPSEC Session.

17. For Route Based IPSec session creation, follow the above Steps from 1 to 6 first.

18. Now after selecting Route Based IP Session, fill out all the required fields.

19. Fill the “Name” for the IPSec session.

20. Select “VPN Service” which you created earlier for route based ipsec session.

21. Select “LocalEndpoint” which you created earlierfor route based ipsec session.

22. Provide “Remote IP“, “Remote ID“, “Local Networks“, and “Remote Networks” IP/Subnet.

23. Enter “Pre-shared” Key value if Authentication Mode is PSK.

24. Under “Advanced Properties” You may choose the custom profiles you may have created or choose the default.

25. Now click on “SAVE“.

Overview

Practical sheets

API

Backup

Cloud Customer Space

Contractual documents

Help and technical assistance

Online help

Roles and users

Technical Dashboards

The Support

Virtual Data Center ressources

Network

Networks and External Interconnections (links)

VDC Networks

Security

Services Area

Log in to the service area

Services

Storage

Objet Storage (S3)

Advanced features implementation guide

Getting Started

Service user manual

VDC & Virtual Machines

vCOD

Virtual Machines

Advanced Operations

Known Issues

Main Operations

VMware Cloud Director (VCD)

Catalogs

VMWare Cloud Director Availability (vCDA)

Q & A

Services

NSX-T: How to configure an IPSEC solution