L2 VPN allows extension of your organization virtual data center by allowing virtual machines to maintain network connectivity while retaining the same IP address across geographical boundaries. Using an advanced edge gateway, you can use the L2 screen in the Console to configure the L2 VPN service on that edge gateway.
L2 VPN allows you to configure a tunnel between two sites. Virtual machines remain on the same subnet despite being moved between these sites, which enables you to extend your organization virtual data center by stretching its network using L2 VPN. An edge gateway at one site can provide all services to virtual machines on the other site.
To create the L2 VPN tunnel, you configure an L2 VPN server and L2 VPN client. The L2 VPN server is the destination edge gateway and the L2 VPN client is the source edge gateway. After configuring the L2 VPN settings on each edge gateway, you must then enable the L2 VPN service on both the server and the client.Note: A routed organization virtual data center network created as a subinterface must exist on the edge gateways.
To use the Console to work with edge gateway services, the edge gateway must be converted to an advanced edge gateway. All iland NSX edge gateways have already been converted to advanced.
Before configuring the L2VPN server the distributed port groups need to be setup correctly. The requirements are:
In the Console navigate to the Edge Gateway that will be used as the L2VPN server. Click on the “L2VPN” tab. If L2VPN mode is set to “Not configured” click on the actions menu and select “Configure “L2VPN”
Set the L2VPN Mode to Server.
Set the Listener IP to the public IP address of the NSX Edge. Set the Listener Port to 443 (by default, or use an appropriate port number)
Choose an Encryption Algorithm to use for the L2VPN.
In the Site Configuration Details section, click the add a peer site option
The L2 VPN client is the source NSX edge that initiates communication with the destination (iland Secure Cloud) NSX edge, the L2 VPN server.
For more information on the client side setup, troubleshooting tips, and verifying general connectivity see the walkthrough described in the article here: