After you configure the L2 VPN server, configure the L2 VPN service in the client mode on another Edge instance, which can be either an NSX-managed Edge, a standalone Edge, or an NSX-T software-defined data center (SDDC).

Procedure

  1. From your browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address>.
  2. Create a route-based IPSec tunnel for the L2 VPN client service.
    1. Navigate to the Networking > VPN > VPN Services tab and select Add Service > IPSec.
    2. Enter a name for the IPSec VPN service.
    3. From the Tier-0 Gateway drop-down menu, select a Tier-0 gateway to use with the L2 VPN client.
    4. If you want to use values different from the system defaults, set the rest of the properties on the Add IPSec Service pane, as needed.
    5. Click Save and when prompted if you want to continue configuring the IPSec VPN service, select No.
  3. Navigate to the Networking > VPN > VPN Services tab and select Add Service > L2 VPN Client.
  4. Enter a name for the L2 VPN Client service.
  5. From the Tier-0 Gateway drop-down menu, select the same Tier-0 gateway that you used with the route-based IPSec tunnel you created a moment ago.
  6. Define the other properties on the Add L2 VPN Client pane if you want to use values other than the system defaults.
  7. Click Save.
    After the new L2 VPN client service is created successfully, you are asked whether you want to continue with the rest of the L2 VPN client configuration. If you click Yes, you are taken back to the Add L2 VPN Client pane and the Session link is enabled. You can use that link to create an L2 VPN client session or use the Networking > VPN > L2 VPN Sessions tab.

What to do next

Configure an L2 VPN client session for the L2 VPN Client service that you configured. Use the information in Add an L2 VPN Client Session as a guide.