Specify a local (SDDC) IP address, a remote (on-premises) public IP address, and a remote private IP address to create the SDDC end of the Layer 2 VPN tunnel.

VMware Cloud on AWS GovCloud supports a single Layer 2 VPN tunnel between your on-premises installation and your SDDC.


  1. Log in to VMware Cloud on AWS GovCloud at https://www.vmc-us-gov.vmware.com/.
  2. Select Networking & Security > VPN > Layer 2.
  3. Click ADD VPN TUNNEL.
  4. Configure the VPN parameters.
    | Option | Description |
    | --- | --- |
    | Local IP Address | Select the private IP address if you have configured AWS Direct Connect for this SDDC and want the VPN to use it. Select the public IP address if you want the VPN to connect to the SDDC over the Internet. |
    | Remote Public IP | Enter the remote public IP address of your on-premises L2VPN gateway. For an L2VPN, this is always the standalone NSX Edge appliance (see ). |
    | Remote Private IP | Enter the remote private IP address if the on-premises gateway is configured behind NAT. |
  5. (Optional) Tag the VPN.

    See Add Tags to an Object in the NSX-T Data Center Administration Guide for more information about tagging NSX-T objects.

  6. (Optional) Add a Description.
  7. Click SAVE.
    Depending on your SDDC environment, the Layer 2 VPN creation process might take a few minutes. When the Layer 2 VPN tunnel becomes available, the status changes to Up.