Internet Protocol Security (IPsec) is a protocol suite for securing the IP packets of a communication session. vCloud AirVirtual Private Cloud OnDemand supports using IPsec to create a secure VPN connection between your Virtual Private Cloud OnDemand public cloud and a remote site, such as your on-premises data center.

The gateway supports the following IPsec functionality for IPsec VPN connections between sites:

Certificate authentication using pre-shared key mode

IP unicast traffic (but not dynamic routing) between the gateway and remote VPN routers

The ability to configure multiple subnets per remote VPN router to connect an IPsec VPN to a gateway network on the gateway's inside interface

Note

The VPN router subnets and the gateway network cannot have overlapping IP address ranges. They must use different subnets because the IPsec VPN connection requires they have different local endpoint IP addresses.

A maximum of 64 IPsec VPN connections across a maximum of 10 sites

Deploying a gateway behind a NAT device to translate the gateway's VPN IP address to a public IP address accessible from the Internet

Remote VPN routers use the public IP address to access the gateway.

Deploying remote VPN routers behind a NAT device

When deploying a remote VPN router behind a NAT device, configure the IPsec VPN connection using the VPN native IP address and the VPN Gateway ID. On both sides of the connection, configure static one-to-one NAT for the VPN IP address.

See Set up an IPsec VPN Connection to a Remote Site in this guide for the steps to set up an IPsec VPN connection in vCloud Air.

See also Create a VPN Tunnel to a Remote Network in vCloud Director Administrator's Guide

See also Enable VPN for an Organization Virtual Datacenter Network in vCloud Director Administrator's Guide