Use the Global Configuration screen to configure IPsec VPN authentication settings at an edge gateway level. On this screen, you can set a global pre-shared key and enable certification authentication.
A global pre-shared key is used for those sites whose peer endpoint is set to any.
Prerequisites
- If you intend to enable certificate authentication, verify that you have at least one service certificate and corresponding CA-signed certificates in the Certificates screen. Self-signed certificates cannot be used for IPsec VPNs. See Add a Service Certificate to the Edge Gateway Using Your VMware Cloud Director Tenant Portal.
- Navigate to the IPsec VPN Screen on an NSX Data Center for vSphere Edge Gateway in the VMware Cloud Director Tenant Portal.
Procedure
- Open Edge Gateway Services.
- In the top navigation bar, click Networking and click Edge Gateways.
- Select the edge gateway that you want to edit and click Services.
- On the IPsec VPN tab, click Global Configuration.
- (Optional) Set a global pre-shared key:
- Enable the Change Shared Key option.
- Enter a pre-shared key.
The global pre-shared key (PSK) is shared by all the sites whose peer endpoint is set to any. If a global PSK is already set, changing the PSK to an empty value and saving it has no effect on the existing setting.
- (Optional) Optionally enable Display Shared Key to make the pre-shared key visible.
- Click Save changes.
- Configure certification authentication:
- Turn on Enable Certificate Authentication.
- Select the appropriate service certificates, CA certificates, and CRLs.
- Click Save changes.
What to do next
You can optionally enable logging for the IPsec VPN service of the edge gateway. See Statistics and Logs for an NSX Data Center for vSphere Edge Gateway in the VMware Cloud Director Tenant Portal.
