Mohammed Bilal

Configuring a Layer 2 VPN and Extended Network

Below are the steps to create a VMware Cloud on AWS extended network that uses a layer 2 VPN:

  • Configure a Layer 2 VPN Tunnel in the SDDC

  • Configure a Layer 2 VPN Tunnel in the On-Premises Environment

  • Configure a Layer 2 VPN Extended Segment

  • Configure the Management Gateway DNS Forwarder

You create a layer 2 VPN tunnel between the Tier-0 gateway of the VMware Cloud on AWS SDDC and the on-premises NSX Autonomous Edge.

Configure a Layer 2 VPN Tunnel in the SDDC:


You create and configure the VMware Cloud on AWS side of a layer 2 (L2) VPN tunnel to connect to another data center.

  • Open Windows PowerShell

  • At the PowerShell prompt, run the following curl command, bound to your local interface, to return the L2 public IP

curl.exe --interface 172.20.255.80 https://ifconfig.me

  • Record the L2 public IP address that the command returns

  • In the VMware Cloud console browser tab, navigate to the SDDC summary page

  • Click the Networking & Security tab

  • Under Network, select VPN

  • Click the Layer 2 tab

  • Create a VPN tunnel

    • Click ADD VPN TUNNEL

    • For Local IP Address, click the drop-down menu and select Public IP1

    • For Remote Public IP, enter the L2 public IP address that you recorded after running the curl command above

    • Enter 172.20.255.79 in the Remote Private IP text box

This IP address is the uplink IP address of the on-premises NSX Autonomous Edge

  • Click SAVE

  • Click OK

The layer 2 VPN is created. The Status appears as Down, which is expected at this point in the lab.

  • Download the L2 VPN tunnel configuration file

    • Expand the details of the layer 2 VPN configuration

    • Click DOWNLOAD CONFIG

A Warning dialog box appears

  • Click YES

The L2VPNSession_L2VPN_config.txt file is downloaded to the Downloads directory

  • Open the L2VPNSession_L2VPN_config.txt file in Notepad or Notepad++ and locate the peer_code section of the file


Configure a Layer 2 VPN Tunnel in the On-Premises Environment:


You configure an NSX Autonomous Edge to provide an L2 VPN tunnel from on-premises to VMware Cloud.


  • In a new browser tab, open the NSX Autonomous Edge

  • Log in to the NSX Autonomous Edge

    • User name: admin

    • Password: XXXXXXXXXXXXXXX

  • Add a new port to extend the VLAN10 network

    • Click PORT in the left menu

    • Click ADD PORT

    • Enter VLAN_10 in the Port Name text box

    • Enter 10 in the VLAN text box

    • In the Exit Interface drop-down menu, select eth2

    • Click SAVE

  • Add a new L2 VPN session

    • Click L2VPN in the left menu

    • Click ADD SESSION

    • Enter L2_VMC in the Session Name text box

    • Enter 172.20.255.79 in the Local IP text box

    • In the Remote IP text box, enter the VPN public IP of the SDDC side of the tunnel (the Local IP Address, Public IP1, selected when you created the tunnel in the SDDC)

    • In the Peer Code text box, paste in the peer_code from the L2VPNSession_L2VPN_config.txt file

  • Click SAVE

The new session appears

  • Attach a port to the session

    • Click ATTACH PORT

    • In the Session drop-down menu, select L2_VMC

    • In the Port drop-down menu, select VLAN_10

    • Enter 100 in the Tunnel ID text box

The tunnel ID must be the same on both ends of the tunnel (source and destination)

  • Click ATTACH

  • Click REFRESH. The status of the session appears as UP


Configure a Layer 2 VPN Extended Segment:


You configure an extended network segment to use with an L2 VPN tunnel.


  • In the VMware Cloud console browser tab, navigate to the SDDC summary page

  • Click the Networking & Security tab

  • Under Network, click VPN

  • Click the Layer 2 tab

  • In the Status column, click the REFRESH icon

The status of the Layer 2 VPN appears as Success

  • Create an extended segment to extend the on-premises VLAN 10 network to the SDDC

    • Click ADD SEGMENT

    • Enter VLAN10_SDDC in the Segment Name text box

    • Enter 100 for Tunnel ID

The Tunnel ID must be the same ID used in the previous task

  • Click SAVE

The segment is added successfully.
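The two halves of the tunnel above have to agree with each other: each side's remote address is the other side's public address, the SDDC Remote Private IP is the edge session's Local IP, the pasted Peer Code is the one from the downloaded file, and the Tunnel ID on the extended segment equals the one on the attached port. The following added example (not part of the original post or of VMware's tooling) is a small consistency check for those values before you click REFRESH; the config-file layout, the public IPs and the peer code are constructed placeholders, while 172.20.255.79 and tunnel ID 100 are the values from the steps above.

```python
import re

# Constructed stand-in for the downloaded L2VPNSession_L2VPN_config.txt (the real
# file's layout may differ; extraction keys on the "peer_code" label only).
SAMPLE_CONFIG = """\
# constructed sample, not a real download
peer_code: QUJDREVGR0hJSktMTU5PUA==
"""

def extract_peer_code(text):
    """Return the peer_code value from a config file, as pasted into the edge UI."""
    m = re.search(r'"?peer_code"?\s*[:=]\s*"?([A-Za-z0-9+/=]+)', text)
    if not m:
        raise ValueError("peer_code not found in config file")
    return m.group(1)

def check_l2vpn_pairing(sddc, onprem):
    """Compare both ends of the tunnel; return the list of mismatches (empty = consistent)."""
    problems = []
    # Each side's remote address must be the other side's public address.
    if sddc["remote_public_ip"] != onprem["public_ip"]:
        problems.append("SDDC Remote Public IP != on-prem edge public IP")
    if onprem["remote_ip"] != sddc["local_public_ip"]:
        problems.append("on-prem Remote IP != SDDC Public IP1")
    # SDDC Remote Private IP must be the Autonomous Edge uplink, i.e. the session Local IP.
    if sddc["remote_private_ip"] != onprem["local_ip"]:
        problems.append("SDDC Remote Private IP != on-prem session Local IP")
    # Tunnel ID must be identical on the extended segment and the attached port.
    if sddc["segment_tunnel_id"] != onprem["port_tunnel_id"]:
        problems.append("Tunnel ID differs between SDDC segment and on-prem port")
    # The Peer Code pasted on-prem must be the one from the downloaded config.
    if onprem["peer_code"] != extract_peer_code(sddc["config_file"]):
        problems.append("on-prem Peer Code does not match downloaded config")
    return problems

# Constructed values; only 172.20.255.79 and tunnel ID 100 come from the lab steps.
SDDC_SAMPLE = {
    "local_public_ip": "198.51.100.5",     # Public IP1 chosen in the SDDC console
    "remote_public_ip": "203.0.113.10",    # L2 public IP returned by curl on-prem
    "remote_private_ip": "172.20.255.79",  # Autonomous Edge uplink
    "segment_tunnel_id": 100,
    "config_file": SAMPLE_CONFIG,
}
ONPREM_SAMPLE = {"public_ip": "203.0.113.10", "local_ip": "172.20.255.79",
                 "remote_ip": "198.51.100.5", "port_tunnel_id": 100,
                 "peer_code": "QUJDREVGR0hJSktMTU5PUA=="}
```

Call check_l2vpn_pairing(SDDC_SAMPLE, ONPREM_SAMPLE) with your own values substituted; an empty list means both ends agree, otherwise each entry names the field to correct.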


Configure the Management Gateway DNS Forwarder:


You configure the management gateway DNS forwarder to use the on-premises DNS server.

  • Navigate to the SDDC summary page

  • Click the Networking & Security tab

  • Under System, click DNS

  • Click the DNS Services tab

  • Edit the Management Gateway DNS Forwarder

    • In the list of DNS services, click the Available actions menu for the Management Gateway DNS Forwarder

    • Select Edit DNS Server IPs

    • Enter 172.20.10.10 in the Server IP 1 text box

    • Delete the address in the Server IP 2 text box

    • Click SAVE

