Connect Onprem Datacenter to VMware Cloud on AWS(IPsec VPN ) Part-1
Today we will talk about how you can connect your on-prem management components to VMC Management components .. the use cases are setting up HLM or accessing your vmc vCenter from private network (more security) instead of resolving the url on public IP.
To accomplish the above we can setup an ipsec VPN tunnel between your on-prem ipsec router with the vmc gateway.
every data-center is a different environment with different components and connections however the basics always remains the same, to demonstrate IPsec vpn connectivity I am using my home-lab as onprem data-center, and before proceeding further let's understand how my setup looks like.
I have a T7600 workstation server where I have installed windows 7 and on top of that VMware workstation 14 is running. all my management components like my Esxi, vCenter VCSA, openfiler are installed in VMware workstation, along with these I have installed a community edition of pfsense virtual router appliance. and I have connected the pfsense to my ISP router directly with bridging network card option of VMware workstation. hence pfsense virtual applinace is getting IP directly from my ISP router.
Moreover you can also use nsx as well for ipsec vpn and connect the nsx edge directly to you ISP router.
Here is a representation of my setup :
On-prem Firewall – If the on-premises gateway is behind another firewall or if the device itself is performing a firewall function, then allow the following traffic types from VMware Cloud on AWS gateways to pass through the firewall:
Open UDP port 500 to allow ISAKMP traffic
Set IP protocol ID 50 to allow IPsec ESP traffic
Open UDP port 4500 if using NAT-T
These are the prerequisites, Lets continue the actual configuration in part-2