Use the Global Configuration screen in the vCloud Director tenant portal to configure IPsec VPN authentication settings at the edge gateway level. On this screen, you can set a global pre-shared key and enable certificate authentication.

A global pre-shared key is used for those sites whose peer endpoint is set to any.

Prerequisites

Procedure

  1. Open Edge Gateway Services.
    1. Navigate to Networking > Edges.
    2. Select the edge gateway to edit, and click Configure Services.
  2. On the IPsec VPN tab, click Global Configuration.
  3. (Optional) Set a global pre-shared key:
    1. Enable the Change Shared Key option.
    2. Enter a pre-shared key.

      The global pre-shared key (PSK) is shared by all the sites whose peer endpoint is set to any. If a global PSK is already set, changing the PSK to an empty value and saving it has no effect on the existing setting.

    3. (Optional) Enable Display Shared Key to make the pre-shared key visible.
    4. Click Save changes.
  4. Configure certificate authentication:
    1. Turn on Enable Certificate Authentication.
    2. Select the appropriate service certificates, CA certificates, and CRLs.
    3. Click Save changes.

What to do next

You can optionally enable logging for the IPsec VPN service of the edge gateway. See Statistics and Logs in the vCloud Director Tenant Portal.