There is a requirement to establish L2VPN connectivity from VMware Cloud Director (NSX-T on AVS) to multiple customer on-premises sites, using the NSX-T Edge Gateway as the L2VPN Server.

Customer environments vary (ESXi, other virtual platforms, physical systems) and require a lightweight, standalone L2VPN client solution that operates without a full NSX-T deployment (no NSX Manager).

Prerequisites regarding NSX-T Autonomous Edge (L2VPN Client) supported deployment options, correct appliance/image download, and licensing requirements.

VMware NSX 4.1.1.X

The NSX Autonomous Edge is a verified architectural solution for extending Layer 2 networks from unmanaged on-premises environments to an NSX-managed L2VPN Server.

Verify Supported Deployment Options:

• The Autonomous NSX Edge (officially referred to as NSX Edge for VMware ESXi) is deployed exclusively using an OVF file on an ESXi host that is not managed by an NSX Manager.
• It functions as an unmanaged L2 VPN client and maps local customer VLANs to the extended network tunnel.

Environmental Limitations:

• The Autonomous Edge appliance requires a VMware ESXi hypervisor.
• It is not supported for native deployment on physical operating systems, bare-metal servers, or third-party hypervisors (e.g., KVM, Hyper-V).
• For customer sites lacking existing ESXi infrastructure, a dedicated ESXi host must be provisioned strictly to run the OVF appliance.

Redundancy:

• High Availability (HA) is supported on the client side by deploying primary and secondary Autonomous Edge appliances.

Download the Correct Appliance/Image:

• For NSX version 4.1.1, the required image is the standard VMware NSX Edge Virtual Appliance OVF available via the Broadcom Support Portal.

Export Restriction Constraint:

• You must download and deploy the General Availability (GA) build. The Limited Export (LE) build is functionally restricted.
• Attempting to configure L2VPN on an LE build will result in session creation failures containing the explicit fault string: This API is restricted due to limited export restrictions (Error Code 36917).

Confirm Licensing Requirements:

• An Autonomous Edge deployed explicitly as an L2VPN client does not require a local, standalone NSX license key.
• The architectural requirement dictates that only the L2VPN Server (located in the VMware Cloud Director / NSX-T environment) must be fully licensed for VPN services.
• The unmanaged client negotiates the tunnel relying on the cloud-side entitlement.

Broadcom KB 376533