VMware vCloud Air Networking Guide
Prerequisites
Verify that you have networking administration privileges in vCloud Air.
If a firewall is between the connection endpoints, you must configure it to allow the following IP protocols and UDP ports:
- IP Protocol ID 50 (ESP)
- IP Protocol ID 51 (AH)
- UDP Port 500 (IKE)
- UDP Port 4500
Procedure
1. In vCloud Air, click the Gateways tab.
   The complete list of gateways configured for vCloud Air appears. The virtual data center to which each gateway belongs is displayed next to the gateway name.
2. Click the gateway for which you want to set up an IPsec VPN connection.
3. Click Manage Advanced Gateway Settings under the In vCloud Director heading.
   The vCloud Director Administration page > Edge Gateway tab displays.
4. Select the gateway name, right-click and choose Edge Gateway Services > VPN tab.
5. Check Enable VPN to enable the VPN networking service for the gateway.
6. If necessary, click Configure Public IPs to add a public IP address for the external network.
7. Click Add.
   The Add a Site-to-Site VPN configuration dialog box appears.
8. Complete the following settings for the IPsec VPN connection:
| Option | Description |
| --- | --- |
| Name | Enter a name for the connection. |
| Description | (Optional) Enter a description for the connection. |
| Enable this VPN Configuration | Select the checkbox to enable the connection between the two VPN endpoints. |
| Establish VPN to | From the drop-down menu, select a remote network. |
| Local Networks | In the text field, select the local network to which the connection applies. |
| Peer Networks | Enter the remote networks to which the VPN connects. NOTE Enter a network range (not a specific IP address) by entering the IP address using CIDR format; for example, 192.168.99.0/24. |
| Local Endpoint | From the drop-down list, select the network that is the local endpoint for the connection. The local endpoint specifies the network in vCloud Air on which the gateway transmits. Typically, the external network is the local endpoint. |
| Local ID | Enter the local ID, which is the public IP address of the gateway. |
| Peer ID | Enter the peer ID, which is the public IP address of the remote device terminating the VPN connection. NOTE If the peer IP address is from another organization VDC network, enter the peer's native IP address. If NAT is configured for the peer, enter the private peer IP address. |
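The following preflight check is an added example, not part of the VMware guide or any VMware tool. It tests a planned connection against the Prerequisites list and the Peer Networks, Local ID and Peer ID rules above before the values are typed into the dialog box. The function names, the dictionary layout and the firewall export format (a set of protocol/port tuples) are assumptions made for illustration.

```python
import ipaddress

# Openings listed under Prerequisites: (IP protocol number, UDP port or None).
REQUIRED = {"ESP": (50, None), "AH": (51, None),
            "IKE": (17, 500), "UDP 4500": (17, 4500)}

def missing_firewall_rules(allowed):
    """Names of required openings absent from `allowed`, a set of
    (protocol_number, udp_port_or_None) tuples exported from the firewall."""
    return [name for name, rule in REQUIRED.items() if rule not in allowed]

def check_peer_network(entry):
    """None if `entry` is a network range in CIDR form, else the reason it is not."""
    if "/" not in entry:
        return "no prefix length; enter a range such as 192.168.99.0/24"
    try:
        net = ipaddress.ip_network(entry, strict=True)
    except ValueError as exc:
        return str(exc)  # malformed, or host bits set below the prefix
    if net.prefixlen == net.max_prefixlen:
        return "single host address, not a network range"
    return None

def check_endpoint_id(value):
    """Local ID and Peer ID are each entered as one IP address."""
    try:
        ipaddress.ip_address(value)
    except ValueError:
        return "not an IP address"
    return None

def preflight(config, allowed):
    """Collect every problem instead of stopping at the first one."""
    problems = [f"firewall does not allow {n}" for n in missing_firewall_rules(allowed)]
    for entry in config["peer_networks"]:
        reason = check_peer_network(entry)
        if reason:
            problems.append(f"Peer Networks {entry!r}: {reason}")
    for field in ("local_id", "peer_id"):
        reason = check_endpoint_id(config[field])
        if reason:
            problems.append(f"{field} {config[field]!r}: {reason}")
    return problems

# Constructed sample input; only 192.168.99.0/24 appears in the guide itself.
SAMPLE_CONFIG = {"peer_networks": ["192.168.99.0/24", "192.168.99.10", "10.20.0.5/16"],
                 "local_id": "203.0.113.10", "peer_id": "vpn.example.net"}
SAMPLE_ALLOWED = {(50, None), (17, 500)}  # constructed: AH and UDP 4500 not opened

if __name__ == "__main__":
    for line in preflight(SAMPLE_CONFIG, SAMPLE_ALLOWED):
        print(line)
```

The endpoint check deliberately accepts private addresses, because the Peer ID note allows a private peer IP address when NAT is configured for the peer.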
Chapter 3 Network Security and Secure Access
VMware, Inc. 33