Enable/Disable L2 VPN

 
L2 VPN allows configuration of a tunnel between two sites. The VMs must be on the same subnet and the NSX Edge at on site provides all services to VMs on the other site. To create the tunnel, you will need to configure both a L2 VPN server and L2 VPN client. However, before doing so, you need to enable the L2 VPN service via the instructions below.
 
 
Step 1. On the Edge Services Gateway (ESG) click Manage -> VPN -> L2 VPN then click on Enable
 
1
 
Step 2. On Global Configuration Details select Change. Specify the Listener IP, Port, Encryption algorithm, and Certificate details. Again, you can either use a CA or Self-signed certificate you generated, or select Use System Generate Certificate then click OK
 
2
 
Step 3. You then want to add your peer site by clicking the + sign under Site Configuration Details. Specify the Name, User ID, Password, and stretched Interfaces then click OK Note: I could not select the stretched interface as I do not have one configured due to my lab being nested.
 
4
 
Step 4. Click Publish Changes
 
Step 5. Once the L2 VPN Server is complete, you will need to configure your L2 VPN Client In order to do so, you will need to have your Edge Services Gateway setup in your other vCenter Server site. Then follow the same steps above to Enable the L2VPN Service However, you will want to select the Client radio button under the L2VPN Mode
 
3
 
Step 6. Select Change under Global Configuration Details then enter your client settings for your other ESG site, then click OK. Again, I couldn’t add the Stretched interface due to my lab being nested.
 
5
 
Step 7. Click Publish Changes
 
Step 8. Ensure your Tunnel Status shows up
 
5
 
The tunnel should be fully configured and connected between the two ESG devices in different sites!
 

3 Comments

  1. mokhtar -  May 23, 2015 - 3:06 pm 116

    Hi Sir ,
    here in L2VPN to work properly you must configure Trunk interface
    please confirm me about this point if i will configure trunk interface you must attach it to ” Standard port group or Distributed port group ”
    let us we will select D Port group i think this port group must be in vlan “4095” to be trunk please confirm ,,

    Reply
  2. mokhtar -  June 1, 2015 - 2:05 pm 125

    Dear Sean ,

    please Waiting for your kind reply about this point ,

    BR
    Mokhtar

    Reply
    • Sean Whitney -  June 1, 2015 - 2:33 pm 126

      Hi Mokhtar,

      Yes I believe you are correct. I couldn’t test in my lab due to vlan limitations.

      Thanks,
      Sean

      Reply

Leave A Comment

Your email address will not be published. Required fields are marked (required):

Back to Top