NSX-T Data Center supports a site-to-site IPSec VPN service between a Tier-0 or Tier-1 gateway and remote sites. You can create a policy-based or a route-based IPSec VPN service. You must create the IPSec VPN service first before you can configure either a policy-based or a route-based IPSec VPN session.
Note: IPSec VPN is not supported in the
NSX-T Data Center limited export release.
IPSec VPN is not supported when the local endpoint IP address goes through NAT in the same logical router that the IPSec VPN session is configured.
Prerequisites
- Familiarize yourself with the IPSec VPN. See Understanding IPSec VPN.
- You must have at least one Tier-0 or Tier-1 gateway configured and available for use. See Add a Tier-0 Gateway or Add a Tier-1 Gateway for more information.
Procedure
What to do next
Use information in Adding IPSec VPN Sessions to guide you in adding an IPSec VPN session. You also provide information for the profiles and local endpoint that are required to finish the IPSec VPN configuration.