By using the management interface of VMware Cloud Director Availability in the cloud site backed by NSX, organization administrators create the server side of the L2 VPN session, enabling the L2 stretch of one or more networks across the on-premises site.
Prerequisites
- Verify that in both the cloud site and in the on-premises site VMware Cloud Director Availability 4.2 or later is successfully deployed.
- Verify that the on-premises site is prepared for an L2 VPN session with NSX Autonomous Edge. For information about the order of the steps of the procedure, see On-premises stretching layer 2 networks to the Cloud Director site.
- Verify that NSX 3.1 or later is deployed in the cloud site to allow stretching of routed and isolated networks.
Note:
- Using earlier NSX versions allows only routed networks stretch.
- For NSX Data Center for vSphere (NSX-V), skip this procedure and see Create a server L2 VPN session with NSX Data Center for vSphere in the Cloud Director site.
- Verify that VMware Cloud Director 10.1.0 or 10.2.1 is deployed to allow a single network stretch, or that VMware Cloud Director 10.2.2 or later is deployed to allow multiple networks stretches. The L2 stretch by using NSX does not support VMware Cloud Director versions earlier than 10.2.
Note: VMware Cloud Director 10.3.1 and later do not support isolated networks. To stretch isolated networks use VMware Cloud Director 10.3.0 or earlier.
- Verify that the Organization Administrator user has rights to View L2 VPN and Configure L2 VPN. For information about the rights, see Users and sessions in the Security Guide.
- Verify that VMware Cloud Director is prepared to use NSX network resources, after adding an external network backed by a tier-0 gateway, then adding an NSX edge gateway that allows establishing the server L2 VPN session while providing the organization VDC networks with connectivity to external networks:
- Verify that in VMware Cloud Director the NSX backed external network is added. For more information, see Add a Provider Gateway in Your VMware Cloud Director in the VMware Cloud Director documentation.
Note: The VPN service is not supported in an active-active HA (high availability) mode of the tier-0 gateway. For more information, see Add a Tier-0 Gateway in the NSX documentation.
- Verify that in VMware Cloud Director the NSX edge gateway is added. For more information, see Add an Edge Gateway Backed by an NSX Provider Gateway in VMware Cloud Director in the VMware Cloud Director documentation.
- Verify that in VMware Cloud Director the NSX backed external network is added. For more information, see Add a Provider Gateway in Your VMware Cloud Director in the VMware Cloud Director documentation.
Procedure
Results
You created the server L2 VPN session in the cloud site.
What to do next
You can now create the client L2 VPN session that completes the L2 stretch. For more information, see On-premises stretching layer 2 networks to the Cloud Director site.