Starting with version 10.1, VMware Cloud Director supports site-to-site policy-based IPSec VPN between an NSX edge gateway instance and a remote site.

IPSec VPN offers site-to-site connectivity between an edge gateway and remote sites which also use NSX or which have either third-party hardware routers or VPN gateways that support IPSec.

Policy-based IPSec VPN requires a VPN policy to be applied to packets to determine which traffic is to be protected by IPSec before being passed through a VPN tunnel. This type of VPN is considered static because when a local network topology and configuration change, the VPN policy settings must also be updated to accommodate the changes.

NSX edge gateways support split tunnel configuration, with IPSec traffic taking routing precedence.

VMware Cloud Director supports automatic route redistribution when you use IPSec VPN on an NSX edge gateway.