After creating an L2 VPN Server service, you must add an L2 VPN session and attach it to an existing segment.

The following steps use the L2 VPN Sessions tab on the NSX Manager UI to create an L2 VPN Server session. You also select an existing local endpoint and segment to attach to the L2 VPN Server session.

Note: You can also add an L2 VPN Server session immediately after you have successfully configured the L2 VPN Server service. Click Yes when prompted to continue with the L2 VPN Server configuration, and then select Sessions > Add Sessions on the Add L2 VPN Server panel. The first few steps in the following procedure assume that you selected No at that prompt. If you selected Yes, proceed to step 3 for the rest of the L2 VPN Server session configuration.

Prerequisites

  • You must have configured an L2 VPN Server service before proceeding. See Add an L2 VPN Server Service.
  • Obtain the information for the local endpoint and remote IP to use with the L2 VPN Server session you are adding. To create a local endpoint, see Add Local Endpoints.
  • Obtain the values for the pre-shared key (PSK) and the tunnel interface subnet to use with the L2 VPN Server session.
  • Obtain the name of the existing segment you want to attach to the L2 VPN Server session you are creating. See Add a Segment for information.

Procedure

  1. From your browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address>.
  2. Navigate to the Networking > VPN > L2 VPN Sessions tab.
  3. Select Add L2 VPN Session > L2 VPN Server.
  4. Enter a name for the L2 VPN Server session.
  5. From the L2 VPN Service drop-down menu, select the L2 VPN Server service for which the L2 VPN session is being created.
    Note: If you are adding this L2 VPN Server session from the Set L2VPN Server Sessions dialog box, the L2 VPN Server service is already indicated above the Add L2 Session button.
  6. Select an existing local endpoint from the drop-down menu.
    If you want to create a different local endpoint, click the three-dot menu and select Add Local Endpoint.
  7. Enter the IP address of the remote site.
  8. To enable or disable the L2 VPN Server session, click Admin Status.
    By default, the value is set to Enabled, which means the L2 VPN Server session is to be configured down to the NSX Edge node.
  9. Enter the secret key value in Pre-shared Key.
    Caution: Be careful when sharing and storing a PSK value because it is considered sensitive information.
  10. Enter an IP subnet address in the Tunnel Interface using the CIDR notation.
    For example, 4.5.6.6/24. This subnet address is required.
  11. Enter a value in Remote ID.
    For peer sites using certificate authentication, this ID must be the common name in the peer site's certificate. For PSK peers, this ID can be any string. Preferably, use the public IP address of the VPN or an FQDN for the VPN services as the Remote ID.
  12. If you want to include this session as part of a specific group, enter the tag name in Tags.
  13. Click Save and click Yes when prompted if you want to continue with the VPN service configuration.
    You are returned to the Add L2VPN Sessions panel and the Segments link is now enabled.
  14. Attach an existing segment to the L2 VPN Server session.
    1. Click Segments > Set Segments.
    2. In the Set Segments dialog box, click Set Segment to attach an existing segment to the L2 VPN Server session.
    3. From the Segment drop-down menu, select the VNI-based or VLAN-based segment that you want to attach to the session.
    4. Enter a unique value in the VPN Tunnel ID that is used to identify the segment that you selected.
    5. Click Save and then Close.
    In the Set L2VPN Sessions pane or dialog box, the system has incremented the Segments count for the L2 VPN Server session.
  15. To finish the L2 VPN Server session configuration, click Close Editing.
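
The values gathered for steps 7 to 14 can be checked before they are entered in the UI. The following pre-flight check is an added example, not VMware code: the dictionary keys, the `check_session` and `is_ip` helpers, and the sample values are assumptions, as is treating a VPN Tunnel ID repeated within one session as an error.

```python
import ipaddress
import re
from collections import Counter

# Simplified hostname pattern, used only to recognise an FQDN-style Remote ID.
FQDN = re.compile(r"^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def check_session(plan):
    """Return (errors, warnings) for a planned L2 VPN Server session."""
    errors, warnings = [], []
    # Step 7: IP address of the remote site.
    if not is_ip(plan.get("remote_ip", "")):
        errors.append("remote_ip: not a valid IP address")
    # Step 9: only presence is checked; the PSK value is never echoed.
    if not plan.get("psk"):
        errors.append("psk: missing")
    # Step 10: required, in CIDR notation (for example 4.5.6.6/24).
    tunnel = plan.get("tunnel_interface", "")
    try:
        # ip_interface() alone would accept a bare address as /32.
        ipaddress.ip_interface(tunnel if "/" in tunnel else "")
    except ValueError:
        errors.append("tunnel_interface: not in CIDR notation")
    # Step 11: any string is accepted for PSK peers; IP or FQDN is preferred.
    remote_id = plan.get("remote_id", "")
    if not remote_id:
        errors.append("remote_id: missing")
    elif not (is_ip(remote_id) or FQDN.match(remote_id)):
        warnings.append("remote_id: not an IP address or FQDN")
    # Step 14: each attached segment needs its own VPN Tunnel ID (assumed per session).
    ids = Counter(tid for _name, tid in plan.get("segments", []))
    for tid, n in sorted(ids.items()):
        if n > 1:
            errors.append(f"segments: VPN Tunnel ID {tid} used {n} times")
    return errors, warnings

# Constructed sample plan; every value is a placeholder.
SAMPLE = {
    "remote_ip": "203.0.113.10", "psk": "example-only-not-a-real-key",
    "tunnel_interface": "4.5.6.6",   # prefix length missing
    "remote_id": "branch office",    # allowed for PSK peers, not preferred
    "segments": [("web-seg", 10), ("db-seg", 10)],
}
```

Calling `check_session(SAMPLE)` reports the missing prefix length and the duplicated VPN Tunnel ID as errors and the free-form Remote ID as a warning.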

Results

In the VPN Services tab, the system incremented the Sessions count for the L2 VPN Server service that you configured.

What to do next

To complete the L2 VPN service configuration, you must also create an L2 VPN service in Client mode and an L2 VPN client session. See Add an L2 VPN Client Service and Add an L2 VPN Client Session.