How to create a s2s vpn tunnel in vCloud Director



Prerequisites to this guide:


  1. Log in to Copaco VMware Cloud


  2. When logged in to the Copaco VMware Cloud environment, go to:
    Networking -> Edges -> select the edge -> Configure Services


  3. In the "Edge Gateway Settings" go to the VPN -> IPsec VPN menu and enable the "IPsec VPN service" by toggling it to the right


  4. When the "IPsec VPN Service Status" is enabled go to "IPsec VPN sites"

  5. In the "IPsec VPN sites" menu click on the "+" sign

  6. The "Add IPsec VPN" configuration wizard opens. Enable the configuration by toggling the "Enable" option to the right.
    There are some required fields that need to be configured. Here we describe what you need to fill in:



    • Name: Here you can enter a name for the VPN tunnel
    • Local ID: This is the IP Address of your Edge Gateway in VMware cloud

    You can find it here: Networking -> Edges -> Edge Gateway Settings




    • Local Endpoint: This is the same Address as you used for the Local ID
    • Local Subnet: This is the private subnet that you have defined for your VMware Cloud network

    You can find it here: Networking -> Networks -> select your network -> check the network gateway address and replace the last octet 254/24 with 0/24. (For example, 192.168.2.254/24 becomes 192.168.2.0/24.)


    • Peer ID: This is the IP address of the On-premise firewall
    • Peer Endpoint: This is the same address as you used for the peer id
    • Peer Subnet: This is the subnet that you use in your on-premise environment
    • Encryption Algorithm: Here you can define which Algorithm you want to use. We support AES, AES256, AES-GCM, 3DES. (which algorithm you need to use depends on your on-premise firewall model)
    • Authentication: Here you can choose which authentication method you want to use: PSK or certificate. (Make sure that you use the same method on both sides.)
    • Pre-Shared Key: Here you need to define a pre-shared key. (Make sure that you use the same PSK on both sides.)
    • Diffie-Hellman Group: Here you can define which DH group you want to use. We support DH5, DH14, DH15 and DH16. (Which group you need to use depends on your on-premise firewall model.)



    When you have filled in all the information click on the KEEP button

    At this point you need to configure the On-premise side. You need to use the following settings:


    Phase 1:

    > IKE Version: IKEv1

    > Authentication Algorithm: sha1

    > SA Lifetime: 28800 seconds


    Phase 2:

    > Authentication Algorithm: sha1

    > SA Lifetime: 3600 seconds

    These settings are static; we cannot modify them.
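As an added example (not part of this guide and not Copaco's own tooling), the Python script below derives the Local Subnet value from the network gateway address exactly as step 6 describes, checks the chosen encryption and DH group against the lists above, and renders a strongSwan `conn` section for the on-premise side that mirrors the fixed Phase 1 / Phase 2 settings (IKEv1, PSK, SHA1, 28800 s / 3600 s). The mapping of the Edge's algorithm names to strongSwan keywords (AES to aes128, DH14 to modp2048, and so on), the assumption that PFS is enabled on the Edge with the same DH group, and the RFC 5737 addresses used as input are all this example's own assumptions.

```python
import ipaddress

# Choices the guide lists as supported on the Edge, mapped to strongSwan
# proposal keywords. The mapping is an assumption of this example; AES-GCM
# is omitted because it needs a separate PRF setting on the IKE side.
ENCRYPTION = {"AES": "aes128", "AES256": "aes256", "3DES": "3des"}
DH_GROUPS = {"DH5": "modp1536", "DH14": "modp2048", "DH15": "modp3072", "DH16": "modp4096"}


def local_subnet_from_gateway(gateway_cidr):
    """Turn the network gateway address shown in vCloud Director (e.g.
    192.168.2.254/24) into the network address the Local Subnet field
    expects (192.168.2.0/24), for any prefix length, not only /24."""
    return str(ipaddress.ip_interface(gateway_cidr).network)


def strongswan_conn(name, edge_ip, gateway_cidr, onprem_ip, onprem_subnet, encryption, dh_group):
    """Render the on-premise ipsec.conf 'conn' block that matches the Edge settings.
    Raises ValueError for an encryption algorithm or DH group the Edge does not offer."""
    if encryption not in ENCRYPTION:
        raise ValueError(f"unsupported encryption {encryption!r}; use one of {sorted(ENCRYPTION)}")
    if dh_group not in DH_GROUPS:
        raise ValueError(f"unsupported DH group {dh_group!r}; use one of {sorted(DH_GROUPS)}")
    # Integrity is fixed to SHA1 on the Edge; the trailing '!' makes strongSwan strict.
    proposal = f"{ENCRYPTION[encryption]}-sha1-{DH_GROUPS[dh_group]}!"
    lines = [
        f"conn {name}",
        "    keyexchange=ikev1",              # Phase 1: IKE Version IKEv1
        "    authby=secret",                  # Authentication: PSK (key goes in ipsec.secrets)
        f"    ike={proposal}",                # Phase 1 proposal
        f"    esp={proposal}",                # Phase 2 proposal; assumes PFS on with same DH group
        "    ikelifetime=28800s",             # Phase 1 SA Lifetime, fixed by the provider
        "    lifetime=3600s",                 # Phase 2 SA Lifetime, fixed by the provider
        f"    left={onprem_ip}",              # Peer Endpoint as seen from the Edge
        f"    leftid={onprem_ip}",            # Peer ID as seen from the Edge
        f"    leftsubnet={onprem_subnet}",    # Peer Subnet
        f"    right={edge_ip}",               # Local Endpoint on the Edge
        f"    rightid={edge_ip}",             # Local ID on the Edge
        f"    rightsubnet={local_subnet_from_gateway(gateway_cidr)}",  # Local Subnet
        "    auto=start",
    ]
    return "\n".join(lines)


def strongswan_secret(onprem_ip, edge_ip, psk):
    """Render the matching ipsec.secrets line; the PSK must be identical on both sides."""
    return f'{onprem_ip} {edge_ip} : PSK "{psk}"'


if __name__ == "__main__":
    # Constructed sample values (RFC 5737 documentation ranges), not real endpoints.
    print(strongswan_conn("vcd-s2s", "203.0.113.10", "192.168.2.254/24",
                          "198.51.100.5", "10.10.0.0/24", "AES256", "DH14"))
    print(strongswan_secret("198.51.100.5", "203.0.113.10", "replace-with-your-psk"))
```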