Use the Global Configuration screen in the vCloud Director tenant portal to configure IPsec VPN authentication settings at an edge gateway level. On this screen, you can set a global pre-shared key and enable certification authentication.

About this task

A global pre-shared key is used for those sites whose peer endpoint is set to any.


If you intend to enable certificate authentication, verify you have at least one service certificate and corresponding CA-signed certificates in the tenant portal's Certificates screen. Self-signed certificates cannot be used for IPsec VPNs. See Add a Service Certificate to the Edge Gateway.

To use the vCloud Director tenant portal to work with an edge gateway's settings, the edge gateway must be converted to an advanced edge gateway. You can do this on the edge gateway in the vCloud Director Web console or from the tenant portal. For details on performing this step from the tenant portal, see Convert an Edge Gateway to an Advanced Edge Gateway.


  1. Launch Edge Gateway Services by completing the following steps.
    1. Click Network > Edge Gateway.
    2. Select the edge gateway to edit, and click Configure Services.

      The tenant portal opens Edge Gateway Services.

  2. Navigate to VPN > IPsec VPN > Global Configuration
  3. (Optional) Set a global pre-shared key:
    1. Turn on the Change Shared Key toggle.
    2. Type a pre-shared key.
    3. (Optional) Optionally turn on the Display Shared Key toggle to make the pre-shared key visible.
    4. Click Save changes.
  4. Configure certification authentication:
    1. Turn on the Enable Certification Authentication toggle.
    2. Select the appropriate service certificate, CA certificates, and CRLs.
    3. Click Save changes.

What to do next

You can optionally enable logging for the edge gateway's IPsec VPN service. See Statistics and Logs in the vCloud Director Tenant Portal.