After configuring the L2 VPN Server service, configure the L2 VPN service in the client mode on another NSX Edge instance.
Procedure
- With admin privileges, log in to NSX Manager.
- (Optional) If an IPSec VPN service does not exist yet on either a Tier-0 or Tier-1 gateway that you want to configure as the L2 VPN client, create the service using the following steps.
- Navigate to the tab and select .
- Enter a name for the IPSec VPN service.
- From the Tier-0/Tier-1 Gateway drop-down menu, select a Tier-0 or Tier-1 gateway to use with the L2 VPN client.
- If you want to use values different from the system defaults, set the rest of the properties on the Add IPSec Service pane, as needed.
- Click Save and when prompted if you want to continue configuring the IPSec VPN service, select No.
- Navigate to the tab and select .
- Enter a name for the L2 VPN Client service.
- From the Tier-0/Tier-1 Gateway drop-down menu, select the same Tier-0 or Tier-1 gateway that you used with the route-based IPSec tunnel you created a moment ago.
- Optionally set the values for Description and Tags.
- Click Save.
After the new L2 VPN client service is created successfully, you are asked whether you want to continue with the rest of the L2 VPN client configuration. If you click
Yes, you are taken back to the Add L2 VPN Client pane and the
Session link is enabled. You can use that link to create an L2 VPN client session or use the
tab.
Results
After one or more L2 VPN sessions are added, the number of sessions for each VPN service will appear in the
VPN Services tab. You can reconfigure or add sessions by clicking the number in the
Sessions column. You do not need to edit the service. If the number is zero, it is not clickable and you must edit the service to add sessions.
What to do next
Configure an L2 VPN client session for the L2 VPN Client service that you configured. Use the information in Add an L2 VPN Client Session as a guide.