I need a kind of simple layer 2 tunnel into an NSX-T segment from another building with a minimum bandwidth requirement for the tunnel itself (<< 10 Mbit/s). My goal is to get rid of an old BACnet based hardware server, but those BACnet end devices need a layer 2 connection to the BACnet server. So I actually need an L2 VPN server on NSX-T and an L2 VPN client in the other building.
According to the administrator manual, the L2 VPN server is meant to be used with NSX-T edges only:
The L2 VPN service support is provided in the following deployment scenarios.
Between an NSX-T Data Center L2 VPN server and an L2 VPN client hosted on an NSX Edge that is managed in an NSX Data Center for vSphere environment. A managed L2 VPN client supports both VLANs and VNIs.
Between an NSX-T Data Center L2 VPN server and an L2 VPN client hosted on a standalone or unmanaged NSX Edge. An unmanaged L2 VPN client supports VLANs only.
Between an NSX-T Data Center L2 VPN server and an L2 VPN client hosted on an autonomous NSX Edge. An autonomous L2 VPN client supports VLANs only.
Beginning with NSX-T Data Center 2.4 release, L2 VPN service support is available between an NSX-T Data Center L2 VPN server and NSX-T Data Center L2 VPN clients. In this scenario, you can extend the logical L2 segments between two on-premises software-defined data centers (SDDCs).
Has anyone tried setting up a layer 2 tunnel between NSX-T and a third party VPN server (Cisco, Fortinet, ...), i.e. IPsec + .... ?
Setting up an additional hardware server with NSX-T on it, i.e. NSX Edge bare metal with its CPU/NIC requirements, would be way oversized and too expensive. I'd rather need something like "NSX Edge bare metal on Raspberry Pi" instead.
What would you propose?
You can deploy an Autonomous Edge as an L2 VPN Client. It's free! 🙂