You can connect multiple sites to the L2 VPN server.

Note: Changing site configuration settings causes the NSX Edge to disconnect and reconnect all existing connections.

Procedure

  1. Log in to the vSphere Web Client.
  2. Click Networking & Security > NSX Edges.
  3. Double-click an NSX Edge.
  4. Next to L2 VPN Mode, select Server.
  5. In Site Configuration Details, click Add.
  6. Specify the configuration of the L2 VPN peer site.
    1. Enter a unique name for the peer site.
    2. Enter the user name and password used to authenticate the peer site. User credentials on the peer site must be the same as those on the client side.
    3. In Stretched Interfaces, click the Edit icon (in HTML5) or Select Sub Interfaces to select the sub interfaces to be stretched with the client.
    4. Select the trunk interface for the Edge.
      Sub interfaces configured on the trunk vNIC are displayed.
    5. Double-click the sub interfaces to be stretched.
    6. Click Add or OK.
    7. If the default gateway for virtual machines is the same across the two sites, enter the gateway IP addresses in the Egress Optimization Gateway Address text box. These IP addresses are the addresses for which the traffic is to be locally routed or for which the traffic is to be blocked over the tunnel.
    8. (Optional) Enable Unstretched Networks when you want the VMs on the unstretched networks to communicate with the VMs that are behind the L2 VPN client edge on the stretched network, and you want this communication to be routed through the same L2 VPN tunnel. Unstretched subnets can be behind the L2 VPN server edge, the L2 VPN client edge, or both.

      For example, imagine that you have created an L2 VPN tunnel to stretch the 192.168.10.0/24 subnetwork between two data center sites using the NSX L2 VPN service.

      Behind the L2 VPN server edge, you have two additional subnets (for example, 192.168.20.0/24 and 192.168.30.0/24). When unstretched networks are enabled, the VMs on 192.168.20.0/24 and 192.168.30.0/24 subnets can communicate with the VMs that are behind the L2 VPN client edge on the stretched network (192.168.10.0/24). This communication is routed through the same L2 VPN tunnel.

    9. If you have enabled unstretched networks, do these steps depending on where the unstretched subnets are situated:
      • When unstretched subnets are behind the L2 VPN client edge, enter the network address of the unstretched network in the CIDR format while adding the peer (client) site on the L2 VPN server edge. To enter multiple unstretched networks, separate the network addresses by commas.
      • When unstretched subnets are behind the L2 VPN server edge, keep the Unstretched Networks text box blank. In other words, do not enter the network address of the unstretched networks while adding the client (peer) site on the L2 VPN server.
      In the earlier example, because the unstretched subnets are behind the L2 VPN server edge, you must keep the Unstretched Networks text box blank in the Add Peer Site window.
  7. Click Add or OK, and then click Publish Changes.
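
Because publishing a site configuration change reconnects every existing connection, it helps to check the Unstretched Networks value before you click Publish Changes. The following is an added example, not VMware code: the function names are hypothetical, and the overlap check is an assumption that the page does not state. It applies the rules of steps 8 and 9 to a list of subnets and returns the text to enter for the peer site.

```python
import ipaddress


def parse_cidrs(text):
    """Parse a comma-separated list of network addresses in CIDR format."""
    nets = []
    for item in (part.strip() for part in text.split(",")):
        if not item:
            continue
        if "/" not in item:
            raise ValueError(f"{item!r}: prefix length missing, CIDR format required")
        # strict=True rejects host addresses such as 192.168.20.5/24
        nets.append(ipaddress.ip_network(item, strict=True))
    return nets


def unstretched_field(stretched, behind_server="", behind_client=""):
    """Return the Unstretched Networks text for a peer site added on the server edge."""
    stretched_nets = parse_cidrs(stretched)
    server_nets = parse_cidrs(behind_server)
    client_nets = parse_cidrs(behind_client)

    # Assumption (not stated on the page): an unstretched subnet may not overlap
    # a stretched subnet or an unstretched subnet at the other site.
    for net in server_nets + client_nets:
        for s in stretched_nets:
            if net.overlaps(s):
                raise ValueError(f"{net} overlaps stretched subnet {s}")
    for c in client_nets:
        for s in server_nets:
            if c.overlaps(s):
                raise ValueError(f"{c} (client side) overlaps {s} (server side)")

    # Step 9: only subnets behind the client edge are entered; subnets behind
    # the server edge leave the box blank.
    return ",".join(str(n) for n in client_nets)


if __name__ == "__main__":
    # The page's example: 192.168.10.0/24 stretched, two subnets behind the server edge.
    print(repr(unstretched_field("192.168.10.0/24",
                                 behind_server="192.168.20.0/24,192.168.30.0/24")))
    # Constructed client-side subnets, for illustration only.
    print(unstretched_field("192.168.10.0/24",
                            behind_client="192.168.40.0/24, 192.168.50.0/24"))
```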