Before you can bring up an L2VPN tunnel, you must create an extended network that uses the tunnel ID you specified when configuring the L2VPN client.

About this task

Extended networks require a Layer 2 Virtual Private Network (L2VPN), which provides a secure communications tunnel between an on-premises network and one in your cloud SDDC. Each end of this tunnel has an ID. When the tunnel ID on the cloud SDDC side matches the tunnel ID on the on-premises side, the two networks become part of the same broadcast domain. Extended networks use an on-premises gateway as the default gateway. Other network services, such as DHCP and DNS, are also provided on-premises.

You can change a logical network from routed to extended or from extended to routed. For example, you might configure a logical network as extended to allow migration of VMs from your on-premises data center to your cloud SDDC. When the migration is complete, you might then change the network to routed to allow the VMs to use VMware Cloud on AWS networking services.


  1. Log in to the vSphere Client for your SDDC as a user with cloud administrator privileges.
  2. Select Menu > Global Inventory Lists.
  3. Select Logical Networks.
  4. Click Add.
  5. In the Name text field, enter a name for the logical network.
  6. Select Extended Network.
  7. In the Tunnel ID text box, enter the same tunnel ID that you specified when configuring the L2VPN client.