Enable IPSec VPN on Edge Gateway Services

Updated by Anthony Hakim on Sep 11, 2018
Article Code: kb/1158


In this KB article, we walk through how to enable an IPSec VPN on Edge Gateway Services within the vCloud Director (vCD) Web Console environment for CenturyLink Private Cloud on VMware Cloud Foundation™.


You must configure at least one IPSec VPN site on the NSX Edge before enabling the IPSec VPN service.

  • Log in to your CenturyLink Private Cloud on VMware Cloud Foundation environment with an Org Admin account.


  • Once logged in, click Administration at the top.


  • Double-click your Org VDC to open.


  • In the org001-vdc page, click on the Edge Gateways tab, then right-click your org001-edge, then select Properties...


  • Select the Configure IP Settings tab, and take note of the (Public) IP Address for the Edge Gateway.


  • Right-click your org001-edge, then select Edge Gateway Services... A new tab will open.


  • Select the VPN tab, then IPSec VPN Sites. Click the + sign to add an IPsec VPN site (this is a prerequisite for enabling the IPsec VPN service).


  • Add IPsec VPN:

      • Enabled: Click slider to enable
      • Enable perfect forward secrecy (PFS): default
      • Name: Name your IPSec VPN
      • Local Id: Your Local Id
      • Local Endpoint: IP address of Edge Gateway
      • Local Subnets: Your Local Subnets
      • Peer Id: Your Peer Id
      • Peer Endpoint: IP address of Peer
      • Peer Subnets: Your Peer Subnets
      • Encryption Algorithm: Must match with peer
      • Authentication: Must match with peer
      • Change Shared Key:
      • Pre-Shared Key: Shared Key
      • Display Shared Key:
      • Diffie-Hellman Group: Must match with peer
      • Extension:


  • Click Keep.
  • In the IPSec VPN Configuration page, select the Activation Status tab, and enable IPsec VPN Service Status.


  • Configure the Peer/Remote Site.
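
Before configuring the peer, it helps to compare both sites' planned settings on paper. The following check is an added example, not CenturyLink or VMware code: it takes the values entered in the Add IPsec VPN form and those planned for the peer, and reports every field that would keep the tunnel from negotiating. The dictionary keys are hypothetical names modelled on the form labels, and the sample values are constructed.

```python
import hmac
import ipaddress

# Keys are hypothetical names modelled on the form labels; this is not an NSX or vCD API.
MUST_MATCH = ("encryption_algorithm", "authentication", "dh_group")
# (key on the edge, key on the peer): one side's "local" is the other side's "peer".
MIRRORED = (("local_id", "peer_id"), ("peer_id", "local_id"),
            ("local_endpoint", "peer_endpoint"), ("peer_endpoint", "local_endpoint"))
MIRRORED_NETS = (("local_subnets", "peer_subnets"), ("peer_subnets", "local_subnets"))

def _nets(cidrs):
    """Normalise CIDR strings so ordering and host bits do not cause false mismatches."""
    return {ipaddress.ip_network(c, strict=False) for c in cidrs}

def check_tunnel(edge, peer):
    """Return the list of mismatches between both sites' settings (empty = consistent)."""
    problems = []
    for key in MUST_MATCH:
        if edge[key] != peer[key]:
            problems.append(f"{key}: {edge[key]} != {peer[key]}")
    for edge_key, peer_key in MIRRORED:
        if edge[edge_key] != peer[peer_key]:
            problems.append(f"edge {edge_key} != peer {peer_key}")
    for edge_key, peer_key in MIRRORED_NETS:
        if _nets(edge[edge_key]) != _nets(peer[peer_key]):
            problems.append(f"edge {edge_key} != peer {peer_key}")
    # Compare the shared key in constant time and never write it into the report.
    if not hmac.compare_digest(edge["pre_shared_key"].encode(), peer["pre_shared_key"].encode()):
        problems.append("pre_shared_key differs")
    return problems

# Constructed sample values (documentation address ranges), not from a real environment.
EDGE = {
    "local_id": "edge-a", "local_endpoint": "203.0.113.10", "local_subnets": ["10.10.0.0/24"],
    "peer_id": "site-b", "peer_endpoint": "198.51.100.20", "peer_subnets": ["10.20.0.0/24"],
    "encryption_algorithm": "AES256", "authentication": "PSK", "dh_group": "DH14",
    "pre_shared_key": "constructed-example-key",
}
PEER = {  # deliberately wrong DH group and a wider peer subnet than the edge advertises
    "local_id": "site-b", "local_endpoint": "198.51.100.20", "local_subnets": ["10.20.0.0/24"],
    "peer_id": "edge-a", "peer_endpoint": "203.0.113.10", "peer_subnets": ["10.10.0.0/16"],
    "encryption_algorithm": "AES256", "authentication": "PSK", "dh_group": "DH2",
    "pre_shared_key": "constructed-example-key",
}
```

Calling `check_tunnel(EDGE, PEER)` on the sample data reports the Diffie-Hellman group mismatch and the subnet that is not mirrored on the peer.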