NSX Edge supports site-to-site IPSec VPN between an NSX Edge instance and remote sites. It supports certificate authentication, preshared key mode, and IP unicast traffic. Dynamic routing protocols are not supported between the NSX Edge instance and remote VPN routers. Behind each remote VPN router, you can configure multiple subnets to connect to the internal network behind an NSX Edge through IPSec tunnels. These subnets and the internal network behind an NSX Edge must have address ranges that do not overlap.

API-URL is a URL of the form https://vcloud.example.com/network.

id is a vCloud Director unique identifier in the form of a UUID, as defined by RFC 4122.

# is a small integer used in an NSX object identifier.

Summary of NSX Edge IPSec VPN Requests

| Operation | Request | Request Body | Response |
|---|---|---|---|
| Retrieve the IPSec VPN configuration for the edge with identifier id. | GET API-URL/edges/id/ipsec/config | None | ipsec |
| Update the IPSec VPN configuration for the edge with identifier id. | PUT API-URL/edges/id/ipsec/config | ipsec | 204 No Content |
| Delete the IPSec VPN configuration for the edge with identifier id. | DELETE API-URL/edges/id/ipsec/config | None | 204 No Content |
| Retrieve IPSec VPN statistics for the edge with identifier id. | GET API-URL/edges/id/ipsec/statistics | None | ipsecStatusAndStats |
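
A pre-flight check to run before sending the PUT request above, as an added example that is not part of the original documentation or of any VMware tooling. It validates that the edge id is an RFC 4122 UUID before building the request URL, and reports every pair of overlapping subnets. The function names, site labels, sample UUID and sample subnets are constructed for illustration, and the check compares all pairs, including subnets of different remote sites.

```python
import ipaddress
import uuid
from itertools import combinations

API_URL = "https://vcloud.example.com/network"  # URL form given on this page


def ipsec_config_url(api_url, edge_id):
    """Build API-URL/edges/id/ipsec/config, rejecting an id that is not an RFC 4122 UUID."""
    try:
        parsed = uuid.UUID(edge_id)
    except (ValueError, AttributeError, TypeError):
        raise ValueError(f"edge id is not a UUID: {edge_id!r}")
    if parsed.variant != uuid.RFC_4122:
        raise ValueError(f"edge id is not an RFC 4122 UUID: {edge_id!r}")
    # Emit the canonical form so no caller-supplied characters reach the path.
    return f"{api_url.rstrip('/')}/edges/{parsed}/ipsec/config"


def find_overlaps(local_subnets, peer_subnets_by_site):
    """Return (label_a, cidr_a, label_b, cidr_b) for every overlapping pair.

    ip_network() is strict by default, so a CIDR with host bits set
    (for example 10.0.0.1/24) raises ValueError instead of being accepted.
    """
    nets = [("local", ipaddress.ip_network(c)) for c in local_subnets]
    for site, cidrs in peer_subnets_by_site.items():
        nets += [(site, ipaddress.ip_network(c)) for c in cidrs]
    clashes = []
    for (label_a, a), (label_b, b) in combinations(nets, 2):
        if a.version == b.version and a.overlaps(b):
            clashes.append((label_a, str(a), label_b, str(b)))
    return clashes


# Constructed sample input: one internal network and two remote sites.
SAMPLE_EDGE_ID = "123e4567-e89b-12d3-a456-426614174000"
SAMPLE_LOCAL = ["192.168.10.0/24"]
SAMPLE_PEERS = {
    "site-a": ["10.1.0.0/16", "10.2.0.0/24"],
    "site-b": ["192.168.10.128/25", "10.1.5.0/24"],
}

if __name__ == "__main__":
    print("PUT", ipsec_config_url(API_URL, SAMPLE_EDGE_ID))
    for clash in find_overlaps(SAMPLE_LOCAL, SAMPLE_PEERS):
        print("overlap: %s %s <-> %s %s" % clash)
```
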