To create the management VPN, configure an IPsec VPN in the SDDC and another one in your on-premises datacenter. The management gateway connects these two VPNs and provides a common set of firewall rules and DNS services.
- Log in to the VMC Console at https://vmc.vmware.com.
- On the Network tab of your SDDC, click .
- Complete the Management Gateway VPN configuration.
Enter a name for the VPN.
Remote Gateway Public IP
Enter the IP address of your on-premises gateway.
Remote Gateway Private IP
If your on-premises gateway is behind NAT, provide the private IP address of the gateway.
Enter the address of your on-premises management network.
Local Gateway IP
Displays the public IP address of the management gateway. This is not an editable field.
Displays the CIDR block of the management subnet for the management gateway. This is not an editable field.
Perfect Forward Secrecy
Select a Diffie-Hellman group. Ensure that you use a group that your on-premises VPN gateway supports.
Enter a pre-shared key. The key is a string with a maximum length of 128 characters that is used by the two ends of the VPN tunnel to authenticate with each other.
Click SAVE to save this configuration and create the VPN.
After the system creates the VPN in the SDDC, you can click ACTIONS to Edit or Disable the VPN. When the VPN has a status of Connected, you can click VPN Status Detail to view VPN tunnel status and statistics.
- Download the SDDC management VPN configuration details.
Under Remote VPN Config File, click Download to download a configuration file that you can use when you configure the on-premises side of this VPN.
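For the pre-shared key field described above, the following added example (not part of the VMware documentation) generates a random key within the 128-character limit and checks a candidate key before it is entered on both gateways. The alphanumeric alphabet and the 128-bit entropy threshold are assumptions made for this example, not requirements stated by the console.

```python
import math
import secrets
import string

MAX_PSK_LEN = 128  # maximum key length stated on this page
# Assumption: letters and digits are accepted by both gateways and avoid
# quoting problems in the on-premises gateway configuration.
ALPHABET = string.ascii_letters + string.digits
MIN_ENTROPY_BITS = 128  # assumption: local policy threshold


def generate_psk(length=64):
    """Return a random pre-shared key drawn from the OS CSPRNG."""
    if not 1 <= length <= MAX_PSK_LEN:
        raise ValueError(f"length must be between 1 and {MAX_PSK_LEN}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random key of the given length."""
    return length * math.log2(alphabet_size)


def check_psk(psk):
    """Return a list of problems with a candidate key (empty means it passes)."""
    problems = []
    if not psk:
        problems.append("empty key")
    if len(psk) > MAX_PSK_LEN:
        problems.append(f"longer than {MAX_PSK_LEN} characters")
    if any(ch not in ALPHABET for ch in psk):
        problems.append("contains characters outside the assumed alphabet")
    # This is an upper bound: it only holds if the key was generated randomly.
    if entropy_bits(len(psk)) < MIN_ENTROPY_BITS:
        problems.append("too short to reach the entropy threshold even if random")
    if psk and len(set(psk)) < 8:
        problems.append("very few distinct characters; probably not random")
    return problems


if __name__ == "__main__":
    key = generate_psk()
    # Report only the properties of the key, never the key itself.
    print(len(key), "characters,", round(entropy_bits(len(key))), "bits")
    print(check_psk(key) or "ok")
```

Use the same generated key on both ends of the tunnel, and store it in a secrets manager rather than in the downloaded configuration file's directory.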
What to do next
Configure the on-premises side of the management VPN.