You can specify on a global level how your IPsec VPN connection to vCloud Air uses certificate authentication and a pre-shared key.

vCloud Air uses a pre-shared key with an IPsec VPN connection to authenticate the other peer. Even when the connection is encrypted, you still need to know that the peer you are establishing a connection with is the one it should be. Encryption provides confidentiality for the connection, and the pre-shared key authenticates the other party.

You must import server certificates, CA certificates, or CRLs before you can enable certificate authentication.

1. Log in to vCloud Air and navigate to the vCloud Edge Gateway Services UI.

   See Log In and Navigate to Advanced Networking Services for information.

2. Click the Routing tab and IPSEC VPN.

3. Next to Global configuration status, click Change.

   The Global Configuration dialog box appears.

4. Type a global pre-shared key for those sites whose peer endpoint is set to any, and select Display shared key to display the key.

5. In the Extension text box, type one of the following options:

   - securelocaltrafficbyip=IPAddress to redirect the edge gateway local traffic over the IPsec VPN tunnel. This is the default value.
   - passthroughSubnets=PeerSubnetIPAddress to support overlapping subnets.

6. Select Enable certificate authentication and select the appropriate certificate.

7. Click OK.

Configure the IPsec VPN connection to the remote site. See Set up an IPsec VPN Connection to a Remote Site.