Starting with version 10.1, VMware Cloud Director supports site-to-site policy-based IPSec VPN between an NSX-T Data Center edge gateway instance and a remote site.
IPSec VPN offers site-to-site connectivity between an edge gateway and remote sites which also use NSX-T Data Center or which have either third-party hardware routers or VPN gateways that support IPSec.
Policy-based IPSec VPN requires a VPN policy to be applied to packets to determine which traffic is to be protected by IPSec before being passed through a VPN tunnel. This type of VPN is considered static because when a local network topology and configuration change, the VPN policy settings must also be updated to accommodate the changes.
NSX-T Data Center edge gateways support split tunnel configuration, with IPSec traffic taking routing precedence.
VMware Cloud Director supports automatic route redistribution when you use IPSec VPN on an NSX-T edge gateway.