You can specify on a global level how your IPsec VPN connection to vCloud Air uses certificate authentication and a pre-shared key.

vCloud Air uses a pre-shared key with an IPsec VPN connection to authenticate the other peer. Even when the connection is encrypted, you need to know that the peer you are establishing a connection with is the one you intend to reach. Encryption provides confidentiality for the connection, and the pre-shared key authenticates the other party.

You must import server certificates, CA certificates, or CRLs before you can enable certificate authentication.


Log in to vCloud Air and navigate to the vCloud Edge Gateway Services UI.

See Log In and Navigate to Advanced Networking Services for information.


Click the Routing tab and IPSEC VPN.


Next to Global configuration status, click Change.

The Global Configuration dialog box appears.


Type a global pre-shared key for those sites whose peer endpoint is set to any, and select Display shared key to display the key.


In the Extension text box, type one of the following options:

securelocaltrafficbyip=IPAddress to redirect the edge gateway local traffic over the IPsec VPN tunnel. This is the default value.

passthroughSubnets=PeerSubnetIPAddress to support overlapping subnets.


Select Enable certificate authentication and select the appropriate certificate.


Click OK.

Configure the IPsec VPN connection to the remote site. See Set up an IPsec VPN Connection to a Remote Site.