This enables IPSec VPN on the NSX Edge instance.


To enable certificate authentication, server certificates and corresponding CA-signed certificates must be imported. Optionally, you can use an open-source command-line tool such as OpenSSL to generate CA-signed certificates.

Self-signed certificates cannot be used for IPSec VPNs. They can only be used in load balancing and SSL VPNs.


  1. Log in to the vSphere Web Client.
  2. Click Networking & Security and then click NSX Edges.
  3. Double-click an NSX Edge.
  4. Click the Manage tab and then click the VPN tab.
  5. Click IPSec VPN.
  6. Click Change next to Global configuration status.
  7. Type a global pre-shared key for those sites whose peer endpoint is set to any and select Display shared key to display the key.
  8. Select Enable certificate authentication and select the appropriate certificate.
  9. Click OK.