NSX supports IPSec Virtual Private Network (IPSec VPN) and Layer 2 VPN (L2 VPN) on an NSX Edge node.

  • IPSec VPN offers site-to-site connectivity between an NSX Edge node and remote sites.
  • L2 VPN allows you to extend L2 networks across data centers securely by enabling virtual machines to keep their network connectivity across geographical boundaries while using the same IP address.
Note:

IPSec VPN and L2 VPN are not supported in the NSX limited export release.

You must have a working NSX Edge node, with at least one configured Tier-0 or Tier-1 gateway, before you can configure a VPN service. For more information, see "NSX Edge Installation" in the NSX Installation Guide.

Important: To configure VPN services, you must use new objects, such as Tier-0 gateways, that were created using the NSX Manager UI or Policy APIs that are included with NSX.

System-default configuration profiles with predefined values and settings are made available for your use during a VPN service configuration. You can also define new profiles with different settings and select them during the VPN service configuration.

The Intel QuickAssist Technology (QAT) feature on a bare metal server is supported for IPSec VPN bulk cryptography. For more information on support of the QAT feature on bare metal servers, see the NSX Installation Guide.