You can create a VPN tunnel between an organization virtual datacenter network that is backed by an edge gateway and another organization virtual datacenter network in the same organization.

System administrators and organization administrators can create VPN tunnels.

If a firewall is between the tunnel endpoints, you must configure it to allow the following IP protocols and UDP ports:
  • IP Protocol ID 50 (ESP)
  • IP Protocol ID 51 (AH)
  • UDP Port 500 (IKE)
  • UDP Port 4500
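
One way to audit an intermediate firewall against the list above, as an added example that is not part of the vCloud Director documentation: a first-match check of an `iptables-save` dump for the four required allowances from one tunnel endpoint. It assumes the firewall is Linux netfilter and models only protocol, source address, and UDP destination port; the function names, the `FORWARD` chain, and the 198.51.100.10 peer address are constructed for illustration.

```python
import ipaddress
import shlex

# Traffic the page says must pass: (label, protocol, UDP destination port or None)
REQUIRED = [("ESP (IP protocol 50)", "esp", None), ("AH (IP protocol 51)", "ah", None),
            ("IKE (UDP 500)", "udp", 500), ("UDP 4500", "udp", 4500)]
ALIASES = {"50": "esp", "51": "ah", "17": "udp"}

def verdict(ruleset, chain, peer_ip, proto, dport):
    """First-match verdict for a packet from peer_ip; falls back to the chain policy."""
    peer, policy = ipaddress.ip_address(peer_ip), "ACCEPT"
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if tok and tok[0] == ":" + chain:
            policy = tok[1]  # e.g. ":FORWARD DROP [0:0]"
        if tok[:2] != ["-A", chain] or "!" in tok:
            continue  # other chain, non-rule line, or negated match (not modelled)
        opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        rule_proto = opts.get("-p", "all").lower()
        if ALIASES.get(rule_proto, rule_proto) not in ("all", proto):
            continue
        if peer not in ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False):
            continue
        if "--dport" in opts:
            lo, _, hi = opts["--dport"].partition(":")
            if dport is None or not int(lo) <= dport <= int(hi or lo):
                continue
        if opts.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return opts["-j"]
    return policy

def blocked_ipsec_traffic(ruleset, peer_ip, chain="FORWARD"):
    """Labels of required tunnel traffic from peer_ip that the chain does not accept."""
    return [label for label, proto, port in REQUIRED
            if verdict(ruleset, chain, peer_ip, proto, port) != "ACCEPT"]

# Constructed sample: only ESP and IKE are allowed from the peer (documentation address).
INCOMPLETE = """*filter
:FORWARD DROP [0:0]
-A FORWARD -s 198.51.100.10/32 -p esp -j ACCEPT
-A FORWARD -s 198.51.100.10/32 -p udp -m udp --dport 500 -j ACCEPT
COMMIT
"""
# Same sample with the two missing allowances added before COMMIT.
COMPLETE = INCOMPLETE.replace("COMMIT", (
    "-A FORWARD -s 198.51.100.10/32 -p ah -j ACCEPT\n"
    "-A FORWARD -s 198.51.100.10/32 -p udp -m udp --dport 4500 -j ACCEPT\nCOMMIT"))

if __name__ == "__main__":
    print(blocked_ipsec_traffic(INCOMPLETE, "198.51.100.10"))
    print(blocked_ipsec_traffic(COMPLETE, "198.51.100.10"))
```

Run the check once per direction, passing each tunnel endpoint as `peer_ip`, since the tunnel needs the traffic allowed both ways.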


Verify that you have at least two routed organization virtual datacenter networks in the organization. One of these networks must be backed by the edge gateway. Both organization virtual datacenter networks must have VPN enabled.


  1. Click the Manage & Monitor tab and click Organization VDCs in the left pane.
  2. Double-click the organization virtual datacenter name to open the organization virtual datacenter.
  3. Click the Edge Gateways tab, right-click the edge gateway name, and select Edge Gateway Services.
  4. Click the VPN tab and click Add.
  5. Type a name and optional description.
  6. Select a network in this organization from the drop-down menu and select local and peer networks.
  7. Review the tunnel settings and click OK.


vCloud Director configures both peer network endpoints.