ChrisOk
Contributor
Contributor

[NSX-T] L2 VPN services to third party VPN?

Hello,

I need a a kind of simple layer 2 tunnel into a NSX-T segment from another building with minimum bandwith requirement for the tunnel itself (<< 10 Mbit/s). My goal is to get rid off an old BACnet based hardware server, but those BACnet end device need layer 2 connection to the BACnet server. So I actually need a L2 VPN server on NSX-T and a L2 VPN client in the other building.

According to the administrator manual L2 VPN server is meant to be used with NSX-T edges, only:

The L2 VPN service support is provided in the following deployment scenarios.

    Between an NSX-T Data Center L2 VPN server and an L2 VPN client hosted on an NSX Edge that is managed in an NSX Data Center for vSphere environment. A managed L2 VPN client supports both VLANs and VNIs.
    Between an NSX-T Data Center L2 VPN server and an L2 VPN client hosted on a standalone or unmanaged NSX Edge. An unmanaged L2 VPN client supports VLANs only.
    Between an NSX-T Data Center L2 VPN server and an L2 VPN client hosted on an autonomous NSX Edge. An autonomous L2 VPN client supports VLANs only.
    Beginning with NSX-T Data Center 2.4 release, L2 VPN service support is available between an NSX-T Data Center L2 VPN server and NSX-T Data Center L2 VPN clients. In this scenario, you can extend the logical L2 segments between two on-premises software-defined data centers (SDDCs).

Has anyone tried setting up a layer 2 tunnel between NSX-T and a third party VPN server (Cisco, Fortinet, ...), i.e. IPsec + .... ?

Setting up an additional hardware server with NSX-T on it, i.e. NSX Edge bare metal with its CPU/NIC requirements would be way oversized and too expensive. I´d rather need something like "NSX Edge bare metal on Raspberry Pi" instead.

What would you propose?

0 Kudos
3 Replies
farhan_p2000
VMware Employee
VMware Employee

Understanding Layer 2 VPN (vmware.com)

This L2 VPN feature is available only for NSX-T Data Center and does not have any third-party interoperability.

0 Kudos
CyberNils
Hot Shot
Hot Shot

Hi.

You can deploy an Autonomous Edge as an L2 VPN Client. It's free! 🙂

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/administration/GUID-BE8A3D3C-5E0D-4777-B4F4-...



Nils Kristiansen
https://cybernils.net/
0 Kudos
OFURZ
Contributor
Contributor

Unfortunately the autonomous edge is only available as OVF. There seems to be no option to run it on a bare metal server.

0 Kudos