Overview
IPsec VPN offers site-to-site connectivity between HI GIO and remote sites that have third-party hardware routers or VPN gateways that support IPSec.
...
Organization virtual data center networks in the same organization
Organization virtual data center networks in different organizations
Between an organization's virtual data center network and an external network
Procedure
I. Prepare VPN’s parameters:
Fill in the IPSec parameters.
II. Create IPSec VPN
Step 1: In the top navigation bar, click Networking and click the Edge Gateways tab.
Step 2: Click the edge gateway.
Step 3: Under Services, click IPSec VPN.
Step 4: To configure an IPSec VPN tunnel, click New.
Step 5: Enter a Name and a description (optional) for the IPSec VPN tunnel.
Step 6: To enable the tunnel upon creation, toggle on the Status option.
Step 7: Click NEXT to select Authentication mode.
Step 8: Select a peer authentication mode and click NEXT.
Step 9: In the Endpoint Configuration window, enter the following parameters (use the IPSec parameters from the prepare step):
+ IP address [Local Endpoint]: Enter public IP (HI GIO’s public IP).
+ Networks [Local Endpoint]: Enter at least one local (HI GIO’s network) IP subnet address for the IPSec VPN tunnel.
+ IP address [Remote Endpoint]: Enter public IP (remote site, ex: Office’s public IP).
+ Networks [Remote Endpoint]: Enter at least one remote (ex: Office’s network) IP subnet address for the IPSec VPN tunnel.
Step 10: Enter the remote ID (optional) for the peer site.
The remote ID must match the SAN (Subject Alternative Name) of the remote endpoint certificate, if available. If the remote certificate does not contain a SAN, the remote ID must match the distinguished name of the certificate that is used to secure the remote endpoint, for example, C=US, ST=Massachusetts, O=VMware, OU=VCD, CN=Edge1.
Step 11: Click Next.
Step 12: Review your settings and click Finish.
The newly created IPSec VPN tunnel is listed in the IPSec VPN view. The IPSec VPN tunnel is created with a default security profile.
Step 13: To verify that the tunnel is functioning, select it and click View Statistics. If the tunnel is functioning, Tunnel Status and IKE Service Status both display Up.
III. Configure the Security Profile of the IPSec VPN Tunnel
Once the IPSec VPN tunnel has been created, we can change its IPSec VPN configuration through the security profile. The configuration must match the one on the remote site.
Step 1: In the top navigation bar, click Networking and click the Edge Gateways tab.
Step 2: Click the edge gateway.
Step 3: Under Services, click IPSec VPN.
Step 4: Select the IPSec VPN tunnel and click Security Profile Customization.
Step 5: Change the settings of the VPN tunnel to the values you prepared (IPSec parameters).
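A pre-flight check of the parameter sheet from Part I before it is entered in Parts II and III, as an added example that is not part of the original guide. The field names, addresses and profile values are constructed for illustration, and the subnet-overlap check is an assumption that goes beyond what the guide states.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse(subnets):
    return [ipaddress.ip_network(s) for s in subnets]

def check_sheet(higio, remote):
    """Compare the two sides' parameter sheets and return a list of problems."""
    problems = []
    # Step 9: each endpoint needs a public IP and at least one subnet.
    for name, side in (("HI GIO", higio), ("remote site", remote)):
        ip = ipaddress.ip_address(side["public_ip"])
        if any(ip in net for net in RFC1918):
            problems.append(f"{name}: endpoint {ip} is an RFC 1918 private address")
        if not side["networks"]:
            problems.append(f"{name}: no subnet listed for the tunnel")
    # Each gateway's remote endpoint must be the other gateway's local endpoint.
    if higio["peer_ip"] != remote["public_ip"] or remote["peer_ip"] != higio["public_ip"]:
        problems.append("peer IP addresses are not mirrored")
    if (set(parse(higio["peer_networks"])) != set(parse(remote["networks"]))
            or set(parse(remote["peer_networks"])) != set(parse(higio["networks"]))):
        problems.append("protected networks are not mirrored")
    # Assumption: overlapping local and remote subnets make routing ambiguous.
    for a in parse(higio["networks"]):
        for b in parse(remote["networks"]):
            if a.overlaps(b):
                problems.append(f"subnets overlap: {a} and {b}")
    # Part III: every security profile value must be equal on both sides.
    for key in sorted(set(higio["profile"]) | set(remote["profile"])):
        ours, theirs = higio["profile"].get(key), remote["profile"].get(key)
        if ours != theirs:
            problems.append(f"profile mismatch on {key}: {ours} vs {theirs}")
    return problems

# Constructed sample sheets (documentation addresses, hypothetical field names).
HIGIO = {"public_ip": "203.0.113.10", "networks": ["10.10.0.0/24"],
         "peer_ip": "198.51.100.20", "peer_networks": ["192.168.50.0/24"],
         "profile": {"ike_version": "IKEv2", "encryption": "AES-256", "dh_group": "14"}}
REMOTE = {"public_ip": "198.51.100.20", "networks": ["192.168.50.0/24"],
          "peer_ip": "203.0.113.10", "peer_networks": ["10.10.0.0/16"],
          "profile": {"ike_version": "IKEv2", "encryption": "AES-256", "dh_group": "2"}}

if __name__ == "__main__":
    for problem in check_sheet(HIGIO, REMOTE):
        print(problem)
```

An empty result means the two sheets agree. The sample remote sheet is deliberately wrong in two places: its view of the HI GIO subnet and its DH group.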
IV. Set up firewall rules for the VPN tunnel.
Step 1: Prepare an IP set for the firewall rule (a dynamic or static group can also be used).
IP set detail: ...
Step 2: Create two firewall rules (Edge gateway firewall) for the IPsec tunnel:
+ HI GIO to Local (remote site)
+ Local (remote site) to HI GIO
If the Distributed firewall is used, we also need to create firewall rules to allow the VPN’s traffic (remote site to HI GIO).
*** Please also set the firewall rules for VPN traffic on the remote routers.
VALIDATE: Tunnel status is UP with traffic.
End.