[VMC on AWS] Inter SDDC Communication using Route Based VPN
Article ID: 313691
Updated On:
Products
VMware Cloud on AWS
Issue/Introduction
To enable communication from one SDDC to another SDDC by configuring a Route-Based VPN.
Resolution
- The communication between two SDDCs is done by creating a Virtual Private Network (VPN).
- One VPN on each of the two SDDCs should be created with relevant fields.
- The following is the procedure to create a Route Based VPN for SDDC to SDDC communication.
- Log in to the VMC Console at https://vmc.vmware.com
- Select the first SDDC from the console.
- Navigate to the Networking & Security > VPN > Route Based.
- Click ADD VPN and give the new VPN a Name.
- Select a Local IP Address for the VPN.
- Enter the Remote Public IP address of the second SDDC.
- For BGP Local IP/Prefix Length, enter the IP address, in CIDR format, of the local VPN tunnel.
- Choose a network of size of /30 from the 169.254.0.0/16 subnet. The second and third IP addresses in this range are configured as the remote and local VTI (VPN Tunnel Interface).
- For BGP Remote IP, enter the BGP interface address of the second SDDCs VPN gateway.
- This address must be a valid host IP on the subnet defined by the IP and Prefix Length you supplied and must not be the same as the BGP Local IP.
- For BGP Remote ASN, enter the ASN of the second SDDC VPN gateway.
- Configure Advanced Tunnel Parameters which include Tunnel encryption, Tunnel Digest Algorithm, Perfect Forward Secrecy, IKE Encryption, IKE Digest Algorithm, IKE Type,Diffie Hellman, Preshared Key, Remote Private IP .
6. (Optional) Under Advanced BGP Parameters, enter a BGP Secret that matches the one used by the second SDDC.
7. Click Save.
8. Navigate to the second SDDC > Network and Security > VPN > Route-based.
9. Click on Add VPN and fill in the name for the VPN. Also, fill in the Local IP address, Remote Public IP, BGP Local IP/Prefix Length, BGP Remote IP, BGP Remote ASN.
10. Configure the same Advanced Tunnel Parameters as done for step 5. Ensure that the Preshared Key is correct and click on Save.
As the Route Based VPN is created from the two SDDCs, it is now possible to communicate between the two SDDCs.
8. Navigate to the second SDDC > Network and Security > VPN > Route-based.
9. Click on Add VPN and fill in the name for the VPN. Also, fill in the Local IP address, Remote Public IP, BGP Local IP/Prefix Length, BGP Remote IP, BGP Remote ASN.
10. Configure the same Advanced Tunnel Parameters as done for step 5. Ensure that the Preshared Key is correct and click on Save.
As the Route Based VPN is created from the two SDDCs, it is now possible to communicate between the two SDDCs.
Feedback
Yes
No
Powered by
