Use the Global Configuration screen in the vCloud Director tenant portal to configure IPsec VPN authentication settings at an edge gateway level. On this screen, you can set a global pre-shared key and enable certification authentication.

A global pre-shared key is used for those sites whose peer endpoint is set to any.

If you intend to enable certificate authentication, verify you have at least one service certificate and corresponding CA-signed certificates in the tenant portal's Certificates screen. Self-signed certificates cannot be used for IPsec VPNs. See Add a Service Certificate to the Edge Gateway.

For the ability to use the vCloud Director tenant portal to work with an edge gateway's settings, the edge gateway must have already been converted to an advanced edge gateway using the Convert to Advanced Gateway action on the edge gateway in the vCloud Director Web console. See the vCloud Director Administrator's Guide for details.

1

Launch the tenant portal using the following steps.

a

Log in to the vCloud Director Web console and navigate to the edge gateway.

b

Right-click the name of the edge gateway and click Edge Gateway Services in the context menu.

The tenant portal opens in a new browser tab and displays the Edge Gateway screen for that edge gateway.

2

Navigate to VPN > IPsec VPN > Global Configuration

3

(Optional) Set a global pre-shared key:

a

Turn on the Change Shared Key toggle.

b

Type a pre-shared key.

c

(Optional) Optionally turn on the Display Shared Key toggle to make the pre-shared key visible.

d

Click Save changes.

4

Configure certification authentication:

a

Turn on the Enable Certification Authentication toggle.

b

Select the appropriate service certificate, CA certificates, and CRLs.

c

Click Save changes.

You can optionally enable logging for the edge gateway's IPsec VPN service. See Statistics and Logs in the vCloud Director Tenant Portal.