VMware Cloud Community
Kwab
Contributor

Can IPSec configuration in VMware ESXi be applied to running virtual machines?

Hello,

I have an operating system running inside VMware ESXi 5.1.  Let's call it "MyLinux".  It's a modified version of Linux which does not support IPSec.  So I'm trying to get VMware to handle IPSec for MyLinux.

I've used esxcli commands to successfully create IPSec configurations between VMware itself and other systems.

However, I'm wondering if I can use the same esxcli commands to configure IPSec between MyLinux and other systems?  In my tests, VMware does not appear to perform IPSec tunneling of data between running virtual machines and other systems.

This is an illustration of the configuration I created for MyLinux in VMware.  I also created a security policy which is not shown.

Name                 Source Address         Destination Address    State   SPI    Mode       Encryption Algorithm  Integrity Algorithm  Lifetime
-------------------  ---------------------  ---------------------  ------  -----  ---------  --------------------  -------------------  --------
MyLinuxToExternalSA  MyLINUX.IPv6.ADDRESS   EXTERNAL.IPv6.ADDRESS  mature  0x300  transport  3des-cbc              hmac-sha2-256        infinite
ExternalToMyLinuxSA  EXTERNAL.IPv6.ADDRESS  MyLINUX.IPv6.ADDRESS   mature  0x256  transport  3des-cbc              hmac-sha2-256        infinite

When I captured a TCP trace of ping between MyLinux and the external system, MyLinux never sent IPSec packets. Everything was sent in the clear.  This suggests VMware does not apply the rule to MyLinux, but I would like to confirm.  Thanks.

Kwabena

Accepted Solutions
rcporto
Leadership

When you configure IPSec on ESXi you will secure the VMkernel traffic, not the virtual machine traffic... if you want to protect the virtual machine traffic, you will need to enable IPSec on the guest OS.

Here is more info about IPSec on ESXi: VMware KB: Configuring IPv6 and IPsec on vSphere ESX, ESXi 4.1 and ESXi 5.x

---

Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto
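
The check described in the question (inspecting a capture to see whether traffic between the guest and the external system is IPsec-protected) can be scripted. This is an added example, not part of the original thread or of VMware's tooling: it walks the IPv6 header chain of raw packets (no link-layer header assumed) and reports every packet between two hosts that is not ESP under the SPIs from the SA listing in the question (0x300 and 0x256). The addresses, function names and sample packets are constructed for illustration.

```python
import ipaddress
import struct

ESP, AH, FRAGMENT = 50, 51, 44
EXT_HEADERS = {0, 43, 60}  # hop-by-hop, routing, destination options

def classify_ipv6(packet):
    """Return (src, dst, verdict, spi) for one raw IPv6 packet (no link-layer header)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    src = ipaddress.IPv6Address(packet[8:24])
    dst = ipaddress.IPv6Address(packet[24:40])
    next_hdr, off = packet[6], 40
    # Walk the extension-header chain until ESP, AH or an upper-layer protocol.
    while next_hdr in EXT_HEADERS or next_hdr == FRAGMENT:
        if off + 8 > len(packet):
            raise ValueError("truncated extension header")
        if next_hdr == FRAGMENT:
            if struct.unpack_from("!H", packet, off + 2)[0] >> 3:
                return src, dst, "non-first fragment", None
            size = 8
        else:
            size = (packet[off + 1] + 1) * 8
        next_hdr, off = packet[off], off + size
    if next_hdr in (ESP, AH):
        spi_off = off if next_hdr == ESP else off + 4  # AH carries the SPI at byte 4
        if spi_off + 4 > len(packet):
            raise ValueError("truncated IPsec header")
        spi = struct.unpack_from("!I", packet, spi_off)[0]
        return src, dst, "esp" if next_hdr == ESP else "ah", spi
    return src, dst, "cleartext(proto=%d)" % next_hdr, None

def unprotected(packets, host_a, host_b, expected_spis):
    """Packets between the two hosts that are not ESP under one of the expected SPIs."""
    pair = {ipaddress.IPv6Address(host_a), ipaddress.IPv6Address(host_b)}
    findings = []
    for index, pkt in enumerate(packets):
        src, dst, verdict, spi = classify_ipv6(pkt)
        if {src, dst} == pair and (verdict != "esp" or spi not in expected_spis):
            findings.append((index, verdict, spi))
    return findings

def build(src, dst, next_hdr, payload):
    """Constructed sample data: a minimal IPv6 packet with the given payload."""
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_hdr, 64)
    return fixed + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + payload

GUEST, PEER = "2001:db8::10", "2001:db8::20"  # documentation-range placeholders
SAMPLES = [
    build(GUEST, PEER, 58, bytes([128, 0, 0, 0, 0, 1, 0, 1])),          # ICMPv6 echo in the clear
    build(GUEST, PEER, ESP, struct.pack("!II", 0x300, 1) + bytes(16)),  # ESP, SPI 0x300
    build(PEER, GUEST, 60, bytes([ESP, 0, 1, 4, 0, 0, 0, 0]) + struct.pack("!II", 0x256, 1) + bytes(16)),
]
print(unprotected(SAMPLES, GUEST, PEER, {0x300, 0x256}))
```

With the constructed samples, only the ICMPv6 echo is reported; a real capture file would first need its link-layer headers stripped.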

Kwab
Contributor

Thank you for the information.