Autoconfigure Route-Based IPSec VPN for a VMware Cloud Director Dedicated Provider Gateway

You can use the VMware Cloud Director Tenant Portal to autoconfigure a route-based IPSec VPN tunnel on a dedicated provider gateway, which automatically creates an IPSec VPN tunnel, IP space uplink, and the associated BGP prefixes, maps, and neighbor in VMware Cloud Director.

Prerequisites

Verify that your provider gateway is private.
VMware Cloud Director uses the IP space for defining the networks advertised through the IPSec VPN tunnel. Verify that your VMware Cloud Director deployment has at least one IP space. See Working with IP Spaces in the VMware Cloud Director Tenant Portal.

Procedure

From the primary left navigation panel, select Networking, and from the page top navigation bar, select Provider Gateways.
Click the name of the target dedicated provider gateway.
On the right of the provider gateway name, click Autoconfigure > IPSec VPN.
Enter a name for the IPSec VPN tunnel.
From the drop-down menu, select an IP space.
Enter the IP address for the remote endpoint.
From the drop-down menu, select one of the IP addresses that are available to the edge gateway for the local endpoint.
The IP address must be either the primary IP of the edge gateway, or an IP address that is separately allocated to the edge gateway.
For Local Tunnel Interface, enter a valid IPv4 CIDR, IPv6 CIDR, or one of each by separating them with a comma.
For the Virtual Tunnel Interface (VTI), enter the IP address specified on the remote side.
The IP address must be part of the locally defined VTI CIDR. Enter a valid IPv4 CIDR, IPv6 CIDR, or one of each by separating them with a comma.
Enter the autonomous system (AS) number of the remote BGP neighbor with which you want to establish the connection.
Enter an autonomous system (AS) ID number to use for the local AS feature of the BGP.
Click Autoconfigure.