vShield Administration Guide
To configure VPN on a vShield Edge
1 In the vSphere Client, go to Inventory > Networking.
2 Select an internal port group that is protected by a vShield Edge.
3 Click the vShield Edge tab.
4 Click the VPN link.
5 Type an External IP Address for the VPN service on the vShield Edge.
6 Type the NATed Public IP that represents the External IP Address to the external network.
7 Select the Log check box to log VPN activity.
8 Click Apply.
Next, identify a peer site.
To identify a VPN peer site
1 In the vSphere Client, go to Inventory > Networking.
2 Select an internal port group that is protected by a vShield Edge.
3 Click the vShield Edge tab.
4 Click the VPN link.
5 Under Peer Site Configuration, click Create Site.
6 Type a name to identify the site in Site Name.
7 Type the IP address of the site in Remote EndPoint.
8 Type the Shared Secret.
9 Type an MTU threshold.
10 Click Add.
Next, add a tunnel to connect to the site.
To add a tunnel to a VPN peer site
1 In the vSphere Client, go to Inventory > Networking.
2 Select an internal port group that is protected by a vShield Edge.
3 Click the vShield Edge tab.
4 Click the VPN link.
5 Under Peer Site Configuration, select the appropriate peer from the Select or create a site drop-down list.
6 Click Add Tunnel.
7 Double-click the Tunnel Name cell and type a name to identify the tunnel.
8 Double-click the Remote Site Subnet cell and enter the IP address in CIDR format (A.B.C.D/M).
9 Double-click the Encryption cell and select the appropriate encryption type.
10 Click Commit.
11 Enable VPN service. See "Start or Stop vShield Edge Services" on page 56.
VMware, Inc.