The L2 VPN client is the source NSX edge that initiates communication with the destination NSX edge, the L2 VPN server.

Prerequisites

Verify you have completed the steps described Navigate to the L2 VPN Screen in the Tenant Portal.

If this L2 VPN client is connecting with an L2 VPN server that uses a server certificate, verify that the corresponding CA certificate is uploaded to the edge gateway to enable server certificate validation for this L2 VPN client. See Add a CA Certificate to the Edge Gateway for SSL Certificate Trust Verification.

Procedure

  1. On the tenant portal's L2 VPN tab, for the L2 VPN mode, select Client.
  2. Click the Client Global tab if it is not already selected.
  3. Configure the L2 VPN client's global configuration details.

    Option

    Description

    Server Address

    Type the IP address of the L2 VPN server to which this client is to be connected.

    Server Port

    Type the L2 VPN server's port to which the client should connect. The default port is 443.

    Encryption Algorithm

    Select the encryption algorithm for communicating with the server.

    Stretched Interfaces

    Select the subinterfaces to be stretched to the server.

    The subinterfaces available to select are those organization virtual datacenter networks configured as subinterfaces on the edge gateway.

    Egress Optimization Gateway Address

    (Optional) If the default gateway for virtual machines is the same across the two sites, type the gateway IP addresses of the subinterfaces or the IP addresses to which traffic should not flow over the tunnel.

    User Id

    Password

    Confirm Password

    Type the user credentials for authentication at the server.

  4. Click Save changes.

    The save operation can take a minute to complete.

  5. (Optional) : To configure advanced options, click the Client Advanced tab.
  6. If this L2 VPN client edge does not have direct access to the Internet and needs to reach the L2 VPN server edge using a proxy server, specify the proxy settings.

    Option

    Description

    Enable Secure Proxy

    Select Enable Secure Proxy.

    Address

    Type the proxy server IP address.

    Port

    Type the proxy server's port.

    User Name

    Password

    Type the proxy server's authentication credentials.

  7. To enable server certification validation, click CHANGE CA CERTIFICATE and select the appropriate CA certificate.
  8. Click Save changes.

    The save operation can take a minute to complete.

What to do next

If it is not already enabled, enable the L2 VPN service on this edge gateway. See Enable the L2 VPN Service on an Edge Gateway.