VMware Networking Community
m1xed0s
Enthusiast

VPN Tunnel in ESG

Hi,

NSX document shows "You can have a maximum of 64 tunnels across a maximum of 10 sites." here: NSX 6 Documentation Center

That is not really clear to me. Does "maximum 64 tunnels" mean that one ESG can have up to 64 IPsec tunnels? If so, what does "across a maximum of 10 sites" mean?

If "across a maximum of 10 sites" means 10 remote locations to VPN to ESG, then why would I need more than one tunnel to one single location?

Also, is there any compatibility matrix regarding the ESG Layer2VPN inter-operability with any other vendor products/firewalls?


Accepted Solutions
chuckbell
VMware Employee

That is older documentation. The 6.2 guide has different verbiage: IPSec VPN Overview

Thinking out loud to answer your question. "...across 10 remote locations" verbiage has been removed. My guess is it was unclear and probably referred to the 10 interfaces an ESG can have.

Newer docs state: "...The number of tunnels needed is defined by the number of local subnets multiplied by the number of peer subnets. For example, if there are 10 local subnets and 10 peer subnets you need 100 tunnels. The maximum number of tunnels supported is determined by the ESG size, as shown below..."

m1xed0s
Enthusiast

Thanks, now that makes sense. But it is still a little bit awkward to count by subnets, not just by tunnel end-points...

Now I just need to figure out if there is a compatible 3rd party device that can do layer2vpn with ESG.

chuckbell
VMware Employee

L2VPN would require an ESG. You do not have to license the remote side, the client (the standalone edge client can be downloaded from the myVMware site), but you would need the ENT NSX version on the server side.

L3VPN can be any 3rd party capable of IPsec tunnel termination.

m1xed0s
Enthusiast

@Chuckbell, do you have a link for downloading the standalone ESG client for layer2VPN? Somehow I could not find it...

chuckbell
VMware Employee

Not sure if this link will work. But log in to your myvmware.com and click on all downloads, then go to network and security. The link will be called "standalone edge client".

https://my.vmware.com/group/vmware/details?downloadGroup=NSXV_624&productId=417&rPId=14040
