Specify local (SDDC) and remote (on-premises) IP addresses to create the SDDC end of the Layer 2 VPN tunnel. If you use the native VPN services of your hyperscale cloud provider, see the hyperscale cloud provider documentation for more information.

If L2VPN is not activated in your SDDC, and you want to activate it, contact your account team.

Note:

This topic explains how to create a Layer 2 VPN that connects to the SDDC's default public or private IP. If you have an SDDC with additional Tier-1 gateways (see Add a Tier-1 Gateway) you can add VPN services that terminate on those gateways. See Adding VPN Services in the NSX Data Center Administration Guide.

If the option to create and configure additional Tier-1 gateways is not active in your SDDC, and you want to activate it, contact your account team.

VMware Cloud on Public Cloud supports a single Layer 2 VPN tunnel between your on-premises installation and your SDDC.

Procedure

  1. With CloudAdmin privileges, log in to NSX Manager.
  2. Click VPN > Layer 2.
  3. Click ADD VPN TUNNEL.
  4. Configure the VPN parameters.
    Option: Description
    Local IP Address:
    • Select the private IP address if you have configured a dedicated high bandwidth, low latency connection for this SDDC and want the VPN to use it.
    • Select the public IP address if you want the VPN to connect to the SDDC over the Internet.
    Remote Public IP: Enter the remote public IP address of your on-premises L2VPN gateway. For an L2VPN, this is always the standalone NSX Edge appliance (see Install and Configure the On-Premises NSX Edge).
    Remote Private IP: Enter the remote private IP address if the on-premises gateway is configured behind NAT.
    Note: To reduce the maximum segment size (MSS), TCP MSS clamping is always enabled for Layer 2 VPNs in SDDC version 1.15 and later.
  5. (Optional) Tag the VPN.

    See Add Tags to an Object in the NSX Data Center Administration Guide for more information about tagging NSX objects.

  6. (Optional) Add a Description.
  7. Click SAVE.
    Depending on your SDDC environment, the Layer 2 VPN creation process might take a few minutes. When the Layer 2 VPN tunnel becomes available, the status changes to Up.