Enable/Disable L2 VPN
L2 VPN allows configuration of a tunnel between two sites. The VMs must be on the same subnet, and the NSX Edge at one site provides all services to VMs on the other site. To create the tunnel, you will need to configure both an L2 VPN server and an L2 VPN client. Before doing so, however, you need to enable the L2 VPN service using the steps below.
Step 1. On the Edge Services Gateway (ESG), click Manage -> VPN -> L2 VPN, then click Enable.
Step 2. On Global Configuration Details, select Change. Specify the Listener IP, Port, Encryption algorithm, and Certificate details. Again, you can either use a CA-signed or self-signed certificate you generated, or select Use System Generated Certificate, then click OK.
Step 3. Add your peer site by clicking the + sign under Site Configuration Details. Specify the Name, User ID, Password, and Stretched Interfaces, then click OK. Note: I could not select the stretched interface as I do not have one configured due to my lab being nested.
Step 4. Click Publish Changes
Step 5. Once the L2 VPN Server is complete, you will need to configure your L2 VPN Client. To do so, you will need to have your Edge Services Gateway set up in your other vCenter Server site. Then follow the same steps above to enable the L2 VPN service; however, select the Client radio button under L2VPN Mode.
Step 6. Select Change under Global Configuration Details then enter your client settings for your other ESG site, then click OK. Again, I couldn’t add the Stretched interface due to my lab being nested.
Step 7. Click Publish Changes
Step 8. Ensure your Tunnel Status shows up
The tunnel should be fully configured and connected between the two ESG devices in different sites!
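
A consistency check to run over the server and client settings before clicking Publish Changes, as an added example that is not part of the original post or of VMware's tooling. The dict keys, the sample values and the `lint_l2vpn` helper are hypothetical; the settings are typed in by hand rather than read from NSX.

```python
import ipaddress

# Substrings that mark a cipher suite as unsuitable for a site-to-site tunnel.
WEAK_MARKERS = ("NULL", "RC4", "MD5", "DES")


def lint_l2vpn(server, client):
    """Return findings for one server/client pair of L2 VPN settings.
    Dict keys are hypothetical field names, not the NSX API schema."""
    findings = []
    try:
        ipaddress.ip_address(server["listener_ip"])
    except ValueError:
        findings.append("server: listener IP is not a valid address")
    if (client["server_address"], client["server_port"]) != (
            server["listener_ip"], server["listener_port"]):
        findings.append("client: server address/port differs from the listener")
    for side, cfg in (("server", server), ("client", client)):
        if any(m in cfg["cipher"].upper() for m in WEAK_MARKERS):
            findings.append(f"{side}: weak encryption algorithm {cfg['cipher']}")
    if server["cipher"] != client["cipher"]:
        findings.append("encryption algorithm differs between server and client")
    if server["system_generated_cert"]:
        findings.append("server: system-generated certificate in use")
    # The client must log in as one of the peer sites defined on the server.
    creds = (client["user_id"], client["password"])
    peer = next((p for p in server["peers"]
                 if (p["user_id"], p["password"]) == creds), None)
    if peer is None:
        findings.append("client: credentials match no peer site on the server")
    elif not peer["stretched_interfaces"]:
        findings.append(f"server: peer site {peer['name']} has no stretched interface")
    if not client["stretched_interfaces"]:
        findings.append("client: no stretched interface selected")
    return findings


# Constructed sample settings (documentation address, made-up names).
SERVER = {"listener_ip": "192.0.2.10", "listener_port": 443,
          "cipher": "AES128-GCM-SHA256", "system_generated_cert": True,
          "peers": [{"name": "site-b", "user_id": "siteb",
                     "password": "constructed-secret", "stretched_interfaces": []}]}
CLIENT = {"server_address": "192.0.2.10", "server_port": 443, "cipher": "RC4-MD5",
          "user_id": "siteb", "password": "constructed-secret",
          "stretched_interfaces": ["vnic1"]}

if __name__ == "__main__":
    print("\n".join(lint_l2vpn(SERVER, CLIENT)))
```

An empty list means the two sides agree on address, port, algorithm and credentials, and both have a stretched interface selected.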