
Practical NSX: IPSEC VPN

In this post we will look at the IPSEC VPN feature that the NSX edge provides. You can create an IPSec VPN between an ESG and any other network device which supports IPSec or you can just use ESGs at both the source and target site.

The Setup

VM configuration

Edge interfaces

My edges have two interfaces:

The internal interface is on the 192.168.4.0/24 network for Site A and on 192.168.5.0/24 for Site B.

The external interface is on the 192.168.6.0/24 network for both edges.

Let’s set up IPSEC between Site A and Site B

Double click on your Edge in site A > Manage > VPN > IPSEC VPN

Click on Global Configuration > Change > Type in a shared key. This key is needed on both sites > Press OK to save.

Now click on the + button to configure the IPSec VPN parameters.

Press OK to save then publish the changes.

Double click on your Edge in site B > Manage > VPN > IPSEC VPN

Click on Global Configuration > Change > Type in the same shared key that we entered on the edge of site A > Press OK to save.

Now click on the + button to configure the IPSec VPN parameters.

Press OK to save then publish the changes.

Let’s now enable the IPSEC service on both sides and publish the changes.

After enabling the service on both sites in my lab, the VPN tunnel would not form. The issue turned out to be that the localid value for site A was different between my sites (check out the screenshots for Site A and Site B). Once corrected, the tunnel came up!

Let’s now check whether my VMs can ping each other

Troubleshooting

Check that the VPN details entered are correct (:

Check that the service is up and running.

Enable logging and check the logs.
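
The first check in this list, and the local ID mismatch described earlier, can be run as a script before publishing the changes. This is an added example, not part of the original post or of NSX: it compares the values entered on each edge and reports every field where one side's peer setting does not mirror the other side's local setting. The dictionary keys, the endpoint addresses on 192.168.6.0/24 and the shared key are constructed assumptions; only the two internal subnets come from the lab above.

```python
import ipaddress

# Constructed lab values. Key names are assumptions standing in for the
# local/peer ID, endpoint and subnet fields of each edge's IPsec site entry.
SITE_A = {
    "local_id": "192.168.6.1", "local_endpoint": "192.168.6.1",
    "local_subnets": ["192.168.4.0/24"],
    "peer_id": "192.168.6.2", "peer_endpoint": "192.168.6.2",
    "peer_subnets": ["192.168.5.0/24"],
    "psk": "constructed-shared-key",
}
SITE_B = {
    "local_id": "192.168.6.2", "local_endpoint": "192.168.6.2",
    "local_subnets": ["192.168.5.0/24"],
    "peer_id": "192.168.6.10",  # wrong: Site A's local ID is 192.168.6.1
    "peer_endpoint": "192.168.6.1",
    "peer_subnets": ["192.168.4.0/24"],
    "psk": "constructed-shared-key",
}


def _nets(cidrs):
    # Normalise so "192.168.4.0/24" and "192.168.4.0/255.255.255.0" compare equal.
    return {ipaddress.ip_network(c) for c in cidrs}


def mirror_mismatches(a, b, name_a="Site A", name_b="Site B"):
    """Return a list of problems; an empty list means the two sides mirror each other."""
    problems = []
    for here, there, n_here, n_there in ((a, b, name_a, name_b), (b, a, name_b, name_a)):
        for field in ("id", "endpoint"):
            want, got = there["local_" + field], here["peer_" + field]
            if got != want:
                problems.append(f"{n_here} peer_{field} {got!r} != {n_there} local_{field} {want!r}")
        if _nets(here["peer_subnets"]) != _nets(there["local_subnets"]):
            problems.append(f"{n_here} peer_subnets != {n_there} local_subnets")
        if any(l.overlaps(p) for l in _nets(here["local_subnets"])
               for p in _nets(here["peer_subnets"])):
            problems.append(f"{n_here} local and peer subnets overlap")
    if a["psk"] != b["psk"]:
        problems.append("shared key differs between sites")  # never echo the key itself
    return problems


if __name__ == "__main__":
    for line in mirror_mismatches(SITE_A, SITE_B) or ["configs mirror each other"]:
        print(line)
```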

I hope this post was helpful. Thank you for reading.
