VMware NSX Edge Gateway

This guide outlines the steps required to establish a secure IPSec connection between Timus and VMware NSX Edge Gateway in Timus and VMware Cloud Director.

Timus Configuration

Phase 1 – Parameters

Phase 1 Parameters Timus
  • Local Peer Identifier: Timus Gateway Public IP
  • Remote Peer Identifier: VMware Gateway Public IP
  • Key Exchange Type: IKEv1
  • Preshared Key: Your Preshared Key
  • Authentication Algorithm: SHA1
  • Encryption Algorithm: AES256
  • DH Group: modp2048 (Group 14)
  • Mode: Main
  • Create Firewall Rules Automatically: Enabled

Phase 1 – Miscellaneous

Phase 1 Miscellaneous Timus
  • Responder Only: False
  • Margin Time: 60 seconds
  • Lifetime: 28800 seconds
  • Dead Peer Detection (DPD): Enabled
    • DPD Delay: 10 seconds
    • DPD Max Failure: 5
  • NAT Traversal: Enabled

Phase 2

Phase 2 Timus
  • Authentication Algorithm: SHA256
  • Encryption Algorithm: AES256
  • Protocol: ESP
  • Perfect Forward Secrecy (PFS): Disabled
    • PFS Group: modp1024 (Group 2)
  • Lifetime: 3600 seconds
  • Tunnel Protocol: ALL
  • Create Firewall Rules Automatically: Enabled

VMware NSX Edge Gateway Configuration

1. Locate the Edge Gateway

  • Navigate to NetworkingEdge Gateways
  • Select your gateway (e.g., Your GW Name)
Edge Gateway List

2. Create the IPSec Tunnel

  • Click on IPSec VPN then New
IPSec VPN Wizard

General Settings:

  • Name: Timus
  • Type: Policy Based
  • Security Profile: Default
  • Status: Active
  • Logging: Inactive (optional)

Peer Authentication:

  • Mode: Pre-Shared Key
  • Key: Must match Timus

Endpoint Configuration:

  • Local IP: VMware Public IP (e.g., 1.2.3.4)
  • Local Networks: Your LAN Subnet
  • Remote IP: Timus GW Public IP
  • Remote Networks: 192.168.249.0/24

3. Customize the Security Profile

Click the three dots next to the tunnel and select Security Profile Customization.

Security Profile

Phase 1 (IKE Profile):

  • Version: IKEv1
  • Encryption: AES 256
  • Digest: SHA1
  • DH Group: Group 14
  • Lifetime: 28800 seconds
Security Profile

Phase 2 (Tunnel):

  • Encryption: AES 256
  • Digest: SHA256
  • DH Group: Group 2
  • PFS: Disabled
  • Lifetime: 3600 seconds
  • DPD Interval: 5 seconds

4. Create IP Sets

  • Go to NetworkingIP Sets
  • Click New
  • Add subnets like 192.168.249.0/24 (Timus) and your internal LAN
IP Set

5. Configure Firewall Rules

  • Navigate to FirewallRulesNew
  • Add two-way traffic rules between VMware LAN and Timus subnet
Firewall Rules

Example Rules:

  • Source: Your LAN SubnetDestination: Timus subnet → Action: Allow
  • Source: Timus subnet → Destination:Your LAN SubnetAction: Allow

Final Checks

  • Ensure tunnel state is Active
  • Firewall rules must match real subnets
  • Encryption and DH groups must align on both sides

Updated

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.