Virtual Private Cloud OnDemand Networking Guide

Create an IPsec VPN connection by using Virtual Private Cloud OnDemand and vCloud Director. Create an
SSL VPN (Data Center Extension) connection by using vCloud Connector.
Related Information
- See Create a VPN Tunnel to a Remote Network in vCloud Director Administrator’s Guide for information.
- See the VMware Blog article How To Use VPN to Connect Multiple vCloud Air Clouds for more
  information.
About IPsec VPN
Internet Protocol Security (IPsec) is a protocol suite for securing the IP packets of a communication session.
vCloud Air – Virtual Private Cloud OnDemand supports using IPsec to create a secure VPN connection
between your Virtual Private Cloud OnDemand public cloud and a remote site, such as your on-premises
data center.
The gateway supports the following IPsec functionality for IPsec VPN connections between sites:
- Certificate authentication using pre-shared key mode
- IP unicast traffic (but not dynamic routing) between the gateway and remote VPN routers
- The ability to configure multiple subnets per remote VPN router to connect an IPsec VPN to a gateway
  network on the gateway's inside interface
  NOTE The VPN router subnets and the gateway network cannot have overlapping IP address ranges.
  They must use different subnets because the IPsec VPN connection requires they have different local
  endpoint IP addresses.
- A maximum of 64 IPsec VPN connections across a maximum of 10 sites
- Deploying a gateway behind a NAT device to translate the gateway's VPN IP address to a public IP
  address accessible from the Internet
  Remote VPN routers use the public IP address to access the gateway.
- Deploying remote VPN routers behind a NAT device
  When deploying a remote VPN router behind a NAT device, configure the IPsec VPN connection using
  the VPN native IP address and the VPN Gateway ID. On both sides of the connection, configure static
  one-to-one NAT for the VPN IP address.
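A pre-deployment check for the subnet and connection limits listed above, as an added example that is not part of the original guide. The function names, the plan data shape, and the sample addresses are constructed for illustration; the limits are read as at most 64 connections in total and at most 10 distinct sites.

```python
import ipaddress

MAX_CONNECTIONS = 64  # limit stated in this guide
MAX_SITES = 10        # limit stated in this guide


def parse_net(cidr, problems, owner):
    """Parse a CIDR string; record a problem instead of raising on bad input."""
    try:
        return ipaddress.ip_network(cidr)  # strict: rejects host bits, e.g. 10.3.0.1/24
    except ValueError as exc:
        problems.append(f"{owner}: invalid subnet {cidr!r} ({exc})")
        return None


def check_vpn_plan(gateway_networks, connections):
    """Return a list of problems in a planned set of IPsec VPN connections.

    gateway_networks: CIDR strings on the gateway's inside interface.
    connections: dicts with "site" (name) and "peer_subnets" (CIDR strings).
    """
    problems = []
    parsed = (parse_net(c, problems, "gateway") for c in gateway_networks)
    gateways = [n for n in parsed if n is not None]
    if len(connections) > MAX_CONNECTIONS:
        problems.append(f"{len(connections)} connections exceeds limit of {MAX_CONNECTIONS}")
    sites = {c["site"] for c in connections}
    if len(sites) > MAX_SITES:
        problems.append(f"{len(sites)} sites exceeds limit of {MAX_SITES}")
    for conn in connections:
        for cidr in conn["peer_subnets"]:
            peer = parse_net(cidr, problems, conn["site"])
            if peer is None:
                continue
            for gw in gateways:
                # Compare only same-family networks (IPv4 with IPv4, IPv6 with IPv6).
                if peer.version == gw.version and peer.overlaps(gw):
                    problems.append(
                        f"{conn['site']}: peer subnet {peer} overlaps gateway network {gw}")
    return problems


# Constructed sample plan (addresses are illustrative, not from the guide).
SAMPLE_GATEWAY_NETWORKS = ["192.168.10.0/24"]
SAMPLE_CONNECTIONS = [
    {"site": "dc-east", "peer_subnets": ["10.1.0.0/16", "10.2.0.0/24"]},
    {"site": "branch-1", "peer_subnets": ["192.168.10.128/25"]},  # inside the gateway network
    {"site": "branch-2", "peer_subnets": ["10.3.0.1/24"]},        # host bits set
]
```

Calling `check_vpn_plan(SAMPLE_GATEWAY_NETWORKS, SAMPLE_CONNECTIONS)` reports the overlapping `branch-1` subnet and the malformed `branch-2` subnet; an empty list means the plan meets the checked constraints.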
Related Information
See “Set up an IPsec VPN Connection to a Remote Site,” on page 33 in this guide for the steps to set up an
IPsec VPN connection in vCloud Air.
See also Create a VPN Tunnel to a Remote Network in vCloud Director Administrator's Guide.
See also Enable VPN for an Organization Virtual Datacenter Network in vCloud Director Administrator's
Guide.
About Setting up an IPsec VPN Connection
You can configure an IPsec VPN connection between networks within Virtual Private Cloud OnDemand
and between a remote site and Virtual Private Cloud OnDemand. Setting up an IPsec VPN connection from
a remote network to Virtual Private Cloud OnDemand is the most common scenario.
Chapter 3 Network Security and Secure Access
VMware, Inc. 31