Virtual Private Cloud OnDemand Networking Guide
Using vCloud Director, you configure an IPsec VPN connection for Virtual Private Cloud OnDemand as
part of configuring gateway services. When you configure an IPsec VPN connection between sites, you
configure the connection from the point of view of your current location. Setting up the connection requires
that you understand how to configure the following values so that you configure the VPN connection
correctly:
- Peer Networks: specifies the remote networks to which the VPN connects. When you configure this
  setting, enter a network range and not a specific IP address. Enter the network using CIDR format; for
  example, 192.168.99.0/24.
- Local Endpoint (LEP): specifies the network in Virtual Private Cloud OnDemand on which the gateway
  transmits. Typically, the external network is the local endpoint.
- Peer ID: specifies the public IP address of the remote device terminating the VPN connection. If the
  peer IP address is from another organization VDC network, you enter the peer's native IP address. If
  NAT is configured for the peer, you enter the private peer IP address.
- Peer IP: specifies the public IP address of the remote device to which you are connecting. If NAT is
  configured for the peer, you enter the public IP address that the device uses for NAT.
- Local ID: specifies the public IP address of the gateway. You can enter an IP address or hostname in
  conjunction with the gateway firewall.
Example: Configuring IPsec VPN Connection between VM1 and VM2
The following diagram shows an example of how to specify the VPN connection settings correctly:
Figure 3‑2. Architecture: IPsec VPN between Virtual Private Cloud OnDemand and a Remote Site
[Diagram: VM1 on the VDC1-DEFAULT-ROUTED network (192.168.109.0/24, gateway 192.168.109.1) in Virtual Private Cloud OnDemand connects over the Internet to VM2 on the ON-PREMISES-ROUTED network (10.0.10.0/24) in an on-premises vSphere site. The Virtual Private Cloud OnDemand gateway sits directly on the Internet at 198.51.100.2. The on-premises gateway (10.0.1.150) reaches the Internet through an external router (10.0.1.1 on the inside, 203.0.113.2 on the Internet). Traffic that must be allowed for the tunnel: IP protocol ID 50 (ESP), IP protocol ID 51 (AH), UDP port 500 (IKE), UDP port 4500 (NAT traversal).]
Settings shown in the diagram:
Virtual Private Cloud OnDemand side: LEP: 198.51.100.2; Peer ID: 10.0.1.150; Peer IP: 203.0.113.2; Local ID: 198.51.100.2
On-premises side: LEP: 10.0.1.150; Peer ID: 198.51.100.2; Peer IP: 198.51.100.2; Local ID: 203.0.113.2
Specifying the peer IDs and peer IPs configures how network traffic travels from one side of the connection
to the other. In the example, the peer ID and peer IP on the Virtual Private Cloud OnDemand side of
the connection are different values because the on-premises gateway is not directly accessible from the
Internet (it connects to the Internet through an external router): the peer ID is the on-premises gateway's
own address (10.0.1.150) and the peer IP is the public address of that router (203.0.113.2). On the
on-premises side of the connection, the peer ID and peer IP are the same value (198.51.100.2) because the
gateway in Virtual Private Cloud OnDemand is directly accessible from the Internet (it does not sit behind
another device).
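The following added example (not part of the guide and not vCloud Director's own API) derives both sides' settings from the definitions above and checks that they mirror each other; the Site model is hypothetical, and it assumes 10.0.10.0/24 in the figure is the network behind the on-premises gateway.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Site:
    """One end of the tunnel (hypothetical model, not a vCloud Director object)."""
    name: str
    gateway_ip: str   # address the VPN gateway itself carries
    public_ip: str    # address the Internet sees; differs from gateway_ip only behind NAT
    networks: tuple   # networks behind the gateway, CIDR notation


def vpn_settings(local: Site, peer: Site) -> dict:
    """Settings that *local* enters, following the guide's definitions."""
    peer_networks = []
    for net in peer.networks:
        # strict=True rejects host bits (192.168.99.5/24); a /32 is a single host, not a range
        n = ipaddress.ip_network(net, strict=True)
        if n.num_addresses == 1:
            raise ValueError(f"{net}: enter a network range, not a specific IP address")
        peer_networks.append(str(n))
    return {
        "Peer Networks": peer_networks,
        "LEP": local.gateway_ip,       # network/address the local gateway transmits on
        "Peer ID": peer.gateway_ip,    # remote gateway's native address; private if NATed
        "Peer IP": peer.public_ip,     # public address the packets are actually sent to
        "Local ID": local.public_ip,   # how the local gateway identifies itself
        "peer_behind_nat": peer.gateway_ip != peer.public_ip,
    }


def settings_mirror(a: Site, b: Site) -> bool:
    """Each side's Peer IP / Peer ID must equal the other side's Local ID / LEP."""
    sa, sb = vpn_settings(a, b), vpn_settings(b, a)
    return (sa["Peer IP"] == sb["Local ID"] and sb["Peer IP"] == sa["Local ID"]
            and sa["Peer ID"] == sb["LEP"] and sb["Peer ID"] == sa["LEP"])


# Values from Figure 3-2: the cloud gateway is directly on the Internet; the on-premises
# gateway (10.0.1.150) sits behind a router whose public address is 203.0.113.2.
VCLOUD = Site("Virtual Private Cloud OnDemand", "198.51.100.2", "198.51.100.2", ("192.168.109.0/24",))
ONPREM = Site("on-premises", "10.0.1.150", "203.0.113.2", ("10.0.10.0/24",))

if __name__ == "__main__":
    for local, peer in ((VCLOUD, ONPREM), (ONPREM, VCLOUD)):
        print(local.name, vpn_settings(local, peer))
    print("settings mirror each other:", settings_mirror(VCLOUD, ONPREM))
```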
vCloud Air - Virtual Private Cloud OnDemand Networking Guide
32 VMware, Inc.