You can set up an NSX Edge tunnel between a local subnet and a peer subnet.

Note: If you connect to a remote site via IPSec VPN, the IP address of that site cannot be learnt by Dynamic Routing on the Edge uplink.

1. You must enable the IPSec VPN service for traffic to flow from the local subnet to the peer subnet.

2. To enable certificate authentication for IPSec, server certificates and corresponding CA-signed certificates must be imported. Optionally, you can use an open-source command-line tool such as OpenSSL to generate CA-signed certificates.

3. This enables IPSec VPN on the NSX Edge instance.

4. You can enable logging of all IPSec VPN traffic.

5. You must configure at least one external IP address on the NSX Edge to provide IPSec VPN service.
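
For step 2, one way to produce a CA-signed server certificate with OpenSSL and check it before import. This is an added example, not part of the original page or VMware's own procedure; the file names, organisation, host name, key size, validity period and certificate extensions are assumptions chosen for a lab.

```shell
#!/bin/sh
# Added example: private CA plus a CA-signed server certificate, made with OpenSSL.
# File names, the organisation and host names are constructed placeholders.

make_ipsec_certs() {    # usage: make_ipsec_certs OUTPUT_DIR SERVER_COMMON_NAME
    out="$1"; cn="$2"
    mkdir -p "$out" || return 1
    # Explicit config so the result does not depend on the system openssl.cnf.
    cat > "$out/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = Example Lab
CN = Example IPsec CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # 1. CA key and self-signed CA certificate.
    #    -nodes leaves keys unencrypted: acceptable in a lab, not for a real CA key.
    openssl req -x509 -config "$out/ca.cnf" -newkey rsa:2048 -nodes -sha256 \
        -days 365 -keyout "$out/ca.key" -out "$out/ca.crt" 2>/dev/null || return 1
    # 2. Server key and certificate signing request (CSR).
    openssl req -new -config "$out/ca.cnf" -newkey rsa:2048 -nodes -sha256 \
        -subj "/O=Example Lab/CN=$cn" \
        -keyout "$out/server.key" -out "$out/server.csr" 2>/dev/null || return 1
    # 3. End-entity extensions (assumed): not a CA, name repeated in subjectAltName.
    printf '%s\n' "basicConstraints = CA:FALSE" \
        "keyUsage = digitalSignature,keyEncipherment" \
        "subjectAltName = DNS:$cn" > "$out/server.ext"
    # 4. The CA signs the CSR.
    openssl x509 -req -in "$out/server.csr" -CA "$out/ca.crt" -CAkey "$out/ca.key" \
        -CAcreateserial -sha256 -days 365 -extfile "$out/server.ext" \
        -out "$out/server.crt" 2>/dev/null || return 1
    chmod 600 "$out/ca.key" "$out/server.key"
}

# Succeeds only if server.crt chains to ca.crt.
verify_ipsec_cert() {
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1
}

# Succeeds only if server.key is the private key for server.crt.
key_matches_cert() {
    crt_pub=$(openssl x509 -noout -pubkey -in "$1/server.crt") || return 1
    key_pub=$(openssl pkey -pubout -in "$1/server.key") || return 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}
```

Call `make_ipsec_certs ./certs edge.example.test`, then confirm that both `verify_ipsec_cert ./certs` and `key_matches_cert ./certs` succeed before importing the server certificate and the CA certificate.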