The L2 VPN client is the source NSX Edge that initiates communication with the destination Edge (L2 VPN server).

About this task

You can also configure a standalone Edge as the L2 VPN client. See Configure Standalone Edge as L2 VPN Client.


  1. In the L2 VPN tab, set the L2 VPN Mode to Client and click Change.
  2. Type the address of the L2 VPN server to which this client is to be connected. The address can be the host name or IP address.
  3. If required, edit the default port to which the L2 VPN client should connect to.
  4. Select the encryption algorithm for communicating with the server.
  5. In Stretched Interfaces, click Select Sub Interfaces to select the sub interfaces to be stretched to the server.
    1. In Select Object, select the trunk interface for the Edge.

      Sub interfaces configured on the trunk vNIC are displayed.

    2. Double-click the sub interfaces to be stretched.
    3. Click OK.
  6. Type a description.
  7. In Egress Optimization Gateway Address, type the gateway IP address of the sub interfaces or the IP addresses to which traffic should not flow over the tunnel.
  8. In User Details, type the user credentials to get authenticated at the server..
  9. Click the Advanced tab.

    If the client NSX Edge does not have direct access to the internet and needs to reach the source (server) NSX Edge via a proxy server, specify Proxy Settings.

  10. To enable only secure proxy connections, select Enable Secure Proxy.
  11. Type the proxy server address, port, user name, and password.
  12. To enable server certificate validation, select Validate Server Certificate and select the appropriate CA certificate.
  13. Click OK and then click Publish Changes.

What to do next

Ensure that the internet facing firewall allows traffic to flow from L2 VPN Edge to the internet. The destination port is 443.