By using the management interface of VMware Cloud Director Availability in the cloud site backed by NSX-T Data Center, organization administrators create the server side of the L2 VPN session, enabling the L2 stretch of one or more networks across the on-premises site.

After preparing VMware Cloud Director with an external network and an edge gateway as per the two steps in the prerequisites, and the on-premises site as per the Stretching Layer 2 Networks On-Premises procedure, follow the procedure below and create the server L2 VPN session.

Prerequisites

  • Verify that in both the cloud site and in the on-premises site VMware Cloud Director Availability 4.2 or later is successfully deployed.
  • Verify that the on-premises site is prepared for an L2 VPN session with NSX Autonomous Edge. For information about the order of the steps of the procedure, see Stretching Layer 2 Networks On-Premises.
  • Verify that NSX-T Data Center 3.1 or later is deployed in the cloud site to allow stretching of routed and isolated networks.
    Note:
  • Verify that VMware Cloud Director 10.1.0 or 10.2.1 is deployed to allow a single network stretch, or that VMware Cloud Director 10.2.2 or later is deployed to allow multiple network stretches. The L2 stretch by using NSX-T Data Center does not support VMware Cloud Director versions earlier than 10.2.
  • Verify that the Organization Administrator user has rights to View L2 VPN and Configure L2 VPN. For information about the rights, see Users and Sessions in the VMware Cloud Director Availability Security Guide.
  • Verify that VMware Cloud Director is prepared to use NSX-T Data Center network resources, after adding an external network backed by a tier-0 gateway, then adding an NSX-T Data Center edge gateway that allows establishing the server L2 VPN session while providing the organization VDC networks with connectivity to external networks:
    1. Verify that in VMware Cloud Director the NSX-T backed external network is added. For more information, see Add an External Network That Is Backed by an NSX-T Data Center Tier-0 Gateway in the VMware Cloud Director documentation.
      Note: The VPN service is not supported in an active-active HA (high availability) mode of the tier-0 gateway. For more information, see Add a Tier-0 Gateway in the NSX-T Data Center documentation.
    2. Verify that in VMware Cloud Director the NSX-T Data Center edge gateway is added. For more information, see Add an NSX-T Data Center Edge Gateway in the VMware Cloud Director documentation.

Procedure

  1. Log in to the management interface of the Cloud Replication Management Appliance.
    1. In a Web browser, go to https://Appliance-IP-Address/ui/admin.
    2. Select Appliance login or SSO login and enter the root or the single sign-on user credentials.
    3. Click Login.
  2. In the left pane, under the Configuration section click L2 Stretch.
  3. Click L2 VPN Sessions.
  4. From the Gateway menu, select the edge gateway and click New.
    The NSX Gateway menu lists both NSX-T and NSX-V edge gateways that are registered and added in VMware Cloud Director. For information about using NSX-V for server L2 sessions, see Create a Server L2 VPN Session with NSX Data Center for vSphere in the Cloud.
  5. In the New L2 VPN server session window, configure the server L2 VPN session and click Create.
    1. In the Name text box, enter a name for this server L2 VPN session.
    2. In the Local Address text box, enter an IP address residing in the IP pool of the edge gateway at the server side of the L2 VPN session.
      The local IP address is a static IP address within the allocated IP range of the NSX edge gateway hosting the server L2 VPN session.
    3. In the Remote Address text box, enter the on-premises IP address at the client side of the L2 VPN session.
      Usually the remote IP address is the static endpoint IP address of the NSX Autonomous Edge on-premises. For more information, see Configure the Networks of the NSX Autonomous Edge On-Premises.
      Note: Ensure that network communication between the local IP address in the cloud and the remote IP address on-premises is unobstructed.
    4. In the Pre-shared Key text box, enter the pre-shared key as provided by your network administrator.

      Enter only visible ASCII characters, including space, excluding non-printable characters like Null, BEL, and so on. The pre-shared key must meet the following complexity requirements:

      • At least 8 characters
      • At least one uppercase letter
      • At least one lowercase letter
      • At least one digit
      • At least one special character
    5. In the Tunnel Interface text box, enter a private, non-routable subnet address in a CIDR notation.
    6. Under Server Network(s), to establish an L2 stretch select the server side networks to stretch.
      The number of server networks available for selection depends on the version of VMware Cloud Director. For information about the VMware Cloud Director versions, see the prerequisites above.
    Note: Deleting the server L2 VPN session takes several minutes. Do not attempt to recreate the server L2 VPN session immediately after deletion, because the recreation fails while the deletion is still in progress in the background.
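
The following pre-flight check is an added example, not part of the VMware product or its documentation. It validates the values for the Pre-shared Key, Tunnel Interface, and Local Address text boxes before you enter them. Assumptions: "special character" means ASCII punctuation, "private" means the RFC 1918 ranges, the IP pool is given as a first and last address, and all sample values are constructed.

```python
import ipaddress
import string

# Assumption: "private, non-routable" is read as the RFC 1918 ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_psk(psk):
    """Return the pre-shared key rules that psk violates (empty list = passes)."""
    problems = []
    if any(not (0x20 <= ord(c) <= 0x7E) for c in psk):
        problems.append("character outside visible ASCII and space")
    if len(psk) < 8:
        problems.append("fewer than 8 characters")
    classes = {
        "uppercase letter": string.ascii_uppercase,
        "lowercase letter": string.ascii_lowercase,
        "digit": string.digits,
        # Assumption: space is allowed in the key but not counted as special.
        "special character": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in psk):
            problems.append("no " + name)
    return problems

def check_tunnel_interface(cidr):
    """Tunnel interface: IPv4 address with prefix length, inside a private range."""
    if "/" not in cidr:
        return ["not in CIDR notation"]
    try:
        net = ipaddress.IPv4Interface(cidr).network
    except ValueError:
        return ["not a valid IPv4 subnet address"]
    if not any(net.subnet_of(r) for r in RFC1918):
        return ["subnet is not private"]
    return []

def check_local_address(local, pool_first, pool_last):
    """Local address must lie inside the edge gateway's allocated IP range."""
    try:
        ip, lo, hi = (ipaddress.IPv4Address(a)
                      for a in (local, pool_first, pool_last))
    except ValueError:
        return ["not a valid IPv4 address"]
    return [] if lo <= ip <= hi else ["outside the edge gateway IP pool"]

if __name__ == "__main__":
    # Constructed sample values using documentation address ranges.
    print(check_psk("Str3tch-L2 vpn!"), check_tunnel_interface("192.168.250.1/30"),
          check_local_address("198.51.100.12", "198.51.100.10", "198.51.100.20"))
```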

Results

You created the server L2 VPN session in the cloud site.

What to do next

You can now create the client L2 VPN session that completes the L2 stretch. For more information, see Stretching Layer 2 Networks On-Premises.