NSX-T Data Center supports IPSec Virtual Private Network (IPSec VPN) and Layer 2 VPN (L2 VPN) on an NSX Edge node. IPSec VPN offers site-to-site connectivity between an NSX Edge node and remote sites. With L2 VPN, you can extend your data center by allowing virtual machines to keep their network connectivity across geographical boundaries while using the same IP address.

Note:

IPSec VPN and L2 VPN are not supported in the NSX-T Data Center limited export release.

You must have a working NSX Edge node, with at least one configured Tier-0 gateway, before you can configure a VPN service. For more information, see "NSX Edge Installation" in the NSX-T Data Center Installation Guide.

Beginning with NSX-T Data Center 2.4, you can also configure new VPN services using the NSX Manager user interface. In earlier releases of NSX-T Data Center, you can only configure VPN services using REST API calls.

Important: When using NSX-T Data Center 2.4 or later to configure VPN services, you must use new objects, such as Tier-0 gateways, that were created using the NSX Manager UI or Policy APIs that are included with NSX-T Data Center 2.4 or later release. To use existing Tier-0 logical routers that were configured before the NSX-T Data Center 2.4 release, you must continue to use API calls to configure a VPN service.

System-default configuration profiles with predefined values and settings are made available for your use during a VPN service configuration. You can also define new profiles with different settings and select them during the VPN service configuration.