The L2 VPN client is the source NSX edge that initiates communication with the destination NSX edge, the L2 VPN server.
- Navigate to the L2 VPN Screen.
- If this L2 VPN client is connecting to an L2 VPN server that uses a server certificate, verify that the corresponding CA certificate is uploaded to the edge gateway to enable server certificate validation for this L2 VPN client. See Add a CA Certificate to the Edge Gateway for SSL Certificate Trust Verification.
- On the L2 VPN tab, select Client for the L2 VPN mode.
- On the Client Global tab, configure the global configuration details of the L2 VPN client.
Option Description Server Address Enter the IP address of the L2 VPN server to which this client is to be connected. Server Port Enter the L2 VPN server port to which the client should connect.
The default port is 443.
Encryption Algorithm Select the encryption algorithm for communicating with the server. Stretched Interfaces Select the subinterfaces to be stretched to the server.
The subinterfaces available to select are the organization virtual data center networks configured as subinterfaces on the edge gateway.
Egress Optimization Gateway Address (Optional) If the default gateway for virtual machines is the same across the two sites, type the gateway IP addresses of the subinterfaces or the IP addresses to which traffic should not flow over the tunnel. User Details Enter the user ID and password for authentication with the server.
- Click Save changes.
- (Optional) To configure advanced options, click the Client Advanced tab.
- If this L2 VPN client edge does not have direct access to the Internet, and must reach the L2 VPN server edge by using a proxy server, specify the proxy settings.
Option Description Enable Secure Proxy Select to enable the secure proxy. Address Enter the proxy server IP address. Port Enter the proxy server port.
Enter the proxy server authentication credentials.
- To enable server certification validation, click Change CA certificate and select the appropriate CA certificate.
- Click Save changes.
What to do next
Enable the L2 VPN service on this edge gateway. See Enable the L2 VPN Service on an NSX Data Center for vSphere Edge Gateway.