
Steps For Creating a Policy-Based VPN

Author: Mohammed Bilal

Follow the steps below to create a policy-based VPN in VMware Cloud on AWS:

  • Log In to the On-Premises vCenter Server Instance

  • Create a Policy-Based VPN

  • Configure an On-Premises VPN

  • Verify the Policy-Based VPN

  • Verify Connectivity Over the VPN

You create a policy-based VPN between the Tier-0 gateway of the VMware Cloud on AWS SDDC and the VyOS gateway appliance in the on-premises environment.

Log In to the On-Premises vCenter Server Instance:

  • Log in to the on-premises vCenter Server instance using Active Directory (AD) credentials

  • Navigate to the Hosts and Clusters view in the vSphere Client and locate the on-premises vSphere environment

    • In the Menu drop-down menu, select Hosts and Clusters

    • In the left pane, expand the vSphere inventory tree

    • Observe that the on-premises vSphere environment appears in the menu

  • Power on the on-premises virtual machines

    • Right-click the db-1a virtual machine and select Power > Power On

    • Right-click the app-1a virtual machine and select Power > Power On

    • Right-click the web-1a virtual machine and select Power > Power On

    • Right-click the web-2a virtual machine and select Power > Power On

    • Right-click the web-VIP virtual machine and select Power > Power On


Create a Policy-Based VPN:


You create a policy-based VPN in VMware Cloud so that the SDDC can connect to another data center.

  • In the VMware Cloud console browser tab, navigate to the SDDC summary page

  • On the Networking & Security tab, click VPN under Network

  • Select the Policy-Based tab

  • Create a policy-based VPN

    • Click ADD VPN

    • Enter On-Prem-VPN for the VPN Name

    • In the Local IP Address drop-down menu, select Public IP1 (XX.XX.XX.XXX). The IP address varies for each lab instance

    • In the Remote Public IP text box, enter the on-premises public IP address that you recorded to your text file (Notepad) earlier

    • In the Remote Networks text box, enter 172.20.10.0/24 and click Add Item(s)

The 172.20.10.0/24 network is the on-premises management network

    • In the Remote Networks text box, enter 172.20.11.0/24 and click Add Item(s)

The 172.20.11.0/24 network is the on-premises vSphere vMotion network

    • For Local Networks, select sddc-cgw-network-1 and select Infrastructure Subnet

    • Enter Password in the Preshared Key text box

    • Enter 172.20.0.254 in the Remote Private IP text box

This address is the uplink address of the on-premises VyOS router that is used in this lab environment

    • In the IKE Type drop-down menu, select IKE V1

    • Click SAVE

The VPN status appears as Down, which is expected. You can continue to the next lab task to configure the on-premises VPN


Configure an On-Premises VPN:


NOTE: You configure the on-premises VPN to connect to the other data center. For the VPN to connect successfully, you need a router on the on-premises side (the VyOS gateway appliance in this environment) configured to connect your on-premises network to the cloud.
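The page does not show the on-premises side of the tunnel, so the following is a worked configuration for the VyOS gateway appliance named above. It is an added example, not part of the original post or of VMware's lab material. It uses VyOS 1.3 site-to-site IPsec syntax (an assumption; VyOS 1.4 changed the peer syntax) and mirrors the values entered in the VMware Cloud console: IKE V1, a preshared key, the router uplink address 172.20.0.254, and the on-premises networks 172.20.10.0/24 and 172.20.11.0/24. The SDDC's Public IP1, the CIDRs of sddc-cgw-network-1 and the Infrastructure Subnet, the uplink interface name eth0, the DPD timers, and the cipher proposals are placeholders or assumptions; replace them with the values shown in your SDDC console, and make sure the proposals match what the SDDC side offers, otherwise Phase 1 or Phase 2 will not negotiate. Because IKE V1 negotiates a single pair of traffic selectors per Phase 2 SA, every local/remote subnet pair needs its own tunnel entry, which is why two on-premises networks against two SDDC networks produce four tunnels. The show commands at the end are the router-side counterpart of the "Verify the Policy-Based VPN" task below.

```vyos
# Added example: on-premises side of the policy-based VPN on the VyOS gateway.
# Assumes VyOS 1.3 syntax. Angle-bracket values are placeholders to be replaced
# with the values shown in the VMware Cloud console for your SDDC.
configure

# Phase 1 (IKE): IKE V1 with a preshared key, as selected in the VMC console.
# The proposal below is an assumption; it must match the SDDC's IKE settings.
set vpn ipsec ike-group IKE-VMC key-exchange ikev1
set vpn ipsec ike-group IKE-VMC lifetime 28800
set vpn ipsec ike-group IKE-VMC proposal 1 dh-group 14
set vpn ipsec ike-group IKE-VMC proposal 1 encryption aes256
set vpn ipsec ike-group IKE-VMC proposal 1 hash sha256
# Detect a dead peer and restart the tunnel rather than black-holing traffic (timers assumed).
set vpn ipsec ike-group IKE-VMC dead-peer-detection action restart
set vpn ipsec ike-group IKE-VMC dead-peer-detection interval 30
set vpn ipsec ike-group IKE-VMC dead-peer-detection timeout 120

# Phase 2 (ESP): again an assumption that must match the SDDC's tunnel settings.
set vpn ipsec esp-group ESP-VMC lifetime 3600
set vpn ipsec esp-group ESP-VMC pfs dh-group14
set vpn ipsec esp-group ESP-VMC proposal 1 encryption aes256
set vpn ipsec esp-group ESP-VMC proposal 1 hash sha256

# Interface carrying the 172.20.0.254 uplink address (interface name assumed).
set vpn ipsec ipsec-interfaces interface eth0
# NAT traversal is required when the on-premises public IP is translated to 172.20.0.254,
# which is why the VMC console asks for both a Remote Public IP and a Remote Private IP.
set vpn ipsec nat-traversal enable

# The peer is the SDDC's Public IP1 that was chosen as Local IP Address in the VMC console.
set vpn ipsec site-to-site peer <VMC-PUBLIC-IP1> authentication mode pre-shared-secret
# The lab uses the key "Password"; outside the lab use a long random secret.
set vpn ipsec site-to-site peer <VMC-PUBLIC-IP1> authentication pre-shared-secret <PRESHARED-KEY>
set vpn ipsec site-to-site peer <VMC-PUBLIC-IP1> ike-group IKE-VMC
set vpn ipsec site-to-site peer <VMC-PUBLIC-IP1> default-esp-group ESP-VMC
set vpn ipsec site-to-site peer <VMC-PUBLIC-IP1> local-address 172.20.0.254

# One tunnel per local/remote subnet pair: 2 on-premises x 2 SDDC networks = 4 tunnels.
set vpn ipsec site-to-site peer <VMC-PUBLIC-IP1> tunnel 0 local prefix 172.20.10.0/24
set vpn ipsec site-to-site peer <VMC-PUBLIC-IP1> tunnel 0 remote prefix <SDDC-CGW-NETWORK-1-CIDR>
set vpn ipsec site-to-site peer <VMC-PUBLIC-IP1> tunnel 1 local prefix 172.20.10.0/24
set vpn ipsec site-to-site peer <VMC-PUBLIC-IP1> tunnel 1 remote prefix <SDDC-INFRASTRUCTURE-SUBNET-CIDR>
set vpn ipsec site-to-site peer <VMC-PUBLIC-IP1> tunnel 2 local prefix 172.20.11.0/24
set vpn ipsec site-to-site peer <VMC-PUBLIC-IP1> tunnel 2 remote prefix <SDDC-CGW-NETWORK-1-CIDR>
set vpn ipsec site-to-site peer <VMC-PUBLIC-IP1> tunnel 3 local prefix 172.20.11.0/24
set vpn ipsec site-to-site peer <VMC-PUBLIC-IP1> tunnel 3 remote prefix <SDDC-INFRASTRUCTURE-SUBNET-CIDR>

commit
save
exit

# Operational-mode checks: the IKE SA for the peer should be established and each
# of the four tunnels should show an ESP SA before the VMC console reports Success.
show vpn ike sa
show vpn ipsec sa
```

If the IKE SA comes up but one of the four tunnels does not, the usual cause on a policy-based IKE V1 VPN is a traffic-selector mismatch: the local/remote prefixes on the VyOS side must be the exact mirror of the Local Networks and Remote Networks entered in the VMC console.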


Verify the Policy-Based VPN:


You verify the status of the policy-based VPN in VMware Cloud on AWS

  • In the VMware Cloud console browser tab, navigate to the SDDC summary page

  • Click the Networking & Security tab

  • Under Network, click VPN and select the Policy-Based tab on the VPN page

  • Under the Status column, click the REFRESH icon

  • The status of the VPN appears as Success


Verify Connectivity Over the VPN:


You verify connectivity to the VM in the VMware Cloud SDDC from the on-premises environment


  • Open Windows PowerShell

  • Run the ping command to test network connectivity from the on-premises machine to the Photo-App-01 VM in the VMware Cloud SDDC

ping 192.168.xxx.x

  • You can obtain the IP address of the VM from the vSphere Client Summary tab of the VM that runs in the VMware Cloud SDDC. Using the VPN, you can connect from the on-premises environment to a virtual machine running in the VMware Cloud SDDC

NOTE: It might take approximately 1 minute for the VMware Cloud to on-premises VPN to be fully established and for pings to return successfully

  • Obtain the vSphere vMotion VMkernel interface IP address of the SDDC ESXi host

    • Navigate to the browser tab for the SDDC vSphere Client instance

    • In the SDDC vSphere Client instance, select Menu > Hosts and Clusters

    • Select the ESXi host and click the Configure tab

    • Click VMkernel adapters

    • From the list of VMkernel adapters, record the IP address of the VMkernel adapter with the network label vMotion

  • Run the ping command to test network connectivity from the on-premises machine to the vSphere vMotion network in the VMware Cloud SDDC


©2022 by virualbug.in
