Specify a local (AWS) IP address, a remote (on-premises) public IP address, and a remote private IP address to create the SDDC end of the Layer 2 VPN tunnel.

VMware Cloud on AWS supports a single Layer 2 VPN tunnel between your on-premises installation and your SDDC.


  1. Log in to the VMC Console at https://vmc.vmware.com.
  2. Select Networking & Security > VPN > Layer 2.
  3. Click ADD VPN TUNNEL.
  4. Configure the VPN parameters.

    | Option | Description |
    |---|---|
    | Local IP Address | |
    | Remote Public IP | Enter the remote public IP address of your on-premises L2VPN gateway. For an L2VPN, this is always the standalone NSX Edge appliance (see Download and Configure the Autonomous NSX Edge). |
    | Remote Private IP | Enter the remote private IP address if the on-premises gateway is configured behind NAT. |

  5. (Optional) Tag the VPN.

    See Add Tags to an Object for more information about tagging NSX-T objects.

  6. (Optional) Add a Description.
  7. Click SAVE.
    Depending on your SDDC environment, the Layer 2 VPN creation process might take a few minutes. When the Layer 2 VPN tunnel becomes available, the status changes to Up.