You must enable the L2 VPN service on the L2 VPN server (destination NSX Edge). If HA is already configured on this Edge appliance, ensure that Edge has more than one internal interface configured on it. If only a single interface is present and that has already been used by HA, L2 VPN configuration on the same internal interface fails.


  1. Log in to the vSphere Web Client.
  2. Click Networking & Security > NSX Edges.
  3. Double-click a destination NSX Edge, and navigate to Manage > VPN > L2 VPN.
  4. Next to L2 VPN Service Status, click Start.

What to do next

Create NAT or firewall rule on the Internet facing firewall side to enable the client and server to connect to each other.