This enables IPSec VPN on the NSX Edge instance.
To enable certificate authentication, server certificates and corresponding CA-signed certificates must be imported. Optionally, you can use an open-source command-line tool such as OpenSSL to generate CA-signed certificates.
Self-signed certificates cannot be used for IPSec VPNs. They can only be used in load balancing and SSL VPNs.
- Log in to the vSphere Web Client.
- Click Networking & Security and then click NSX Edges.
- Double-click an NSX Edge.
- Click the Manage tab and then click the VPN tab.
- Click IPSec VPN.
- Click Change next to Global configuration status.
- Type a global pre-shared key for those sites whose peer endpoint is set to any and select Display shared key to display the key.
- Select Enable certificate authentication and select the appropriate certificate.
- Click OK.