A Management Gateway VPN provides connectivity from your on-premises environment to your SDDC for functionality like Enhanced Linked Mode. Similarly, you can configure a Compute Gateway VPN for workload mobility. This process is optional and is not required for standalone / non-hybrid environments.

Either IPSec or L2TP VPN tunnels can be configured. Within this guide, we'll step you through the IPSec configuration.

Within the SDDC, click the ‘Network & Security’ tab.

Beneath the ‘Network’ section, expand ‘VPN’, then click ‘Policy Based’.

  1. Click ‘Add VPN’
  2. Give the VPN a name, such as: Management VPN
  3. For ‘Local IP Address’, select the appropriate public IP from the drop-down options
  4. For ‘Remote Public IP’, enter the public IP for the on-premises VPN
  5. For ‘Remote Networks’, add the on-premises network subnet(s) that will communicate on the VPN
  6. For ‘Local Networks’, choose the SDDC-based network that will communicate over the VPN. Example: Infrastructure Subnet for Hybrid Linked Mode
  7. Select the Encryption, Perfect Forward Secrecy, Diffie-Hellman, IKE, and SHA details that match your on-premises VPN settings
  8. Enter the Pre-Shared Key from your on-premises VPN configuration
  9. Click ‘SAVE’
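
The tunnel only comes up when both ends agree on the values entered in steps 5 to 8. The following pre-flight check is an added example, not part of the original guide or of any VMware tooling: it compares the values planned for the SDDC console with those of the on-premises VPN. The dictionary keys, the sample values and the 20-character pre-shared key minimum are assumptions made for illustration.

```python
import ipaddress

# Parameters that step 7 says must match the on-premises VPN (key names are hypothetical).
CRYPTO_FIELDS = ("encryption", "pfs", "dh_group", "ike_version", "digest")

def nets(values):
    """Parse subnet strings so that comparison ignores order and formatting."""
    return {ipaddress.ip_network(v) for v in values}

def preflight(sddc, onprem, min_psk_len=20):
    """Return a list of problems; an empty list means the two ends agree."""
    problems = []
    for field in CRYPTO_FIELDS:  # step 7
        if sddc[field] != onprem[field]:
            problems.append(
                f"{field} mismatch: SDDC={sddc[field]!r}, on-prem={onprem[field]!r}")
    if sddc["psk"] != onprem["psk"]:  # step 8
        problems.append("pre-shared key differs between the two ends")
    elif len(sddc["psk"]) < min_psk_len:  # assumed minimum, adjust to your policy
        problems.append(f"pre-shared key shorter than {min_psk_len} characters")
    # Steps 5-6: a policy-based VPN selects traffic by subnet pair, so each
    # end's local networks must be the other end's remote networks.
    if nets(sddc["local_networks"]) != nets(onprem["remote_networks"]):
        problems.append("SDDC local networks != on-prem remote networks")
    if nets(sddc["remote_networks"]) != nets(onprem["local_networks"]):
        problems.append("SDDC remote networks != on-prem local networks")
    # Overlapping local and remote subnets make the traffic selection ambiguous.
    for local in sorted(nets(sddc["local_networks"])):
        for remote in sorted(nets(sddc["remote_networks"])):
            if local.overlaps(remote):
                problems.append(f"local {local} overlaps remote {remote}")
    return problems

# Constructed sample values, not taken from any real deployment.
SDDC = {
    "encryption": "AES-256", "pfs": True, "dh_group": 14,
    "ike_version": "IKEv2", "digest": "SHA-2",
    "psk": "constructed-sample-psk-0123456789",
    "local_networks": ["10.2.32.0/20"],
    "remote_networks": ["192.168.10.0/24"],
}
# The on-premises end mirrors the SDDC end: local and remote networks swap.
ONPREM = {**SDDC, "local_networks": SDDC["remote_networks"],
          "remote_networks": SDDC["local_networks"]}

if __name__ == "__main__":
    for problem in preflight(SDDC, ONPREM) or ["no problems found"]:
        print(problem)
```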

Once the VPN configuration has been set up on both the on-premises endpoint and in the VMC SDDC console, the status icon should change to green with the word "up" next to it. Clicking the (i) icon provides more information, including any troubleshooting help you may require.
