Toggle Navigation Toggle Navigation
  • Lumen Connect overview
  • Getting started/General
  • Services
  • APIs
  • Monitoring & Reports
  • Billing
  • Admin
  • Support
  • Orders (Wholesale)
  • Other portals overview
  • Media portal
  • DDoS Mitigation & Reporting
  • Security Solutions portal
  • VoIP portal
  • View all product support
  • Infrastructure
  • Connectivity
  • Security
  • Communication
  • Media & Entertainment
  • LSR portal
  • Port Out Request tool
  • Virtual Front Office
  • Readiness overview
  • Product-specific readiness
  • Handbooks
  • All infrastructure services
  • Edge Bare Metal
  • Edge Gateway
  • Edge Private Cloud
  • Encrypted Wavelength Service
  • Network Storage
  • All connectivity services
  • Ethernet On-Demand
  • Fiber+ Internet
  • Internet On-Demand
  • IP VPN On-Demand
  • NaaS Port
  • On-Demand services
  • Troubleshooting tools
  • All security services
  • Adaptive Network Security
  • Adaptive Threat Intelligence
  • Application Delivery Solutions
  • DDoS Hyper
  • DDoS Mitigation Service
  • Lumen Defender Powered by Black Lotus Labs
  • Lumen SASE with Fortinet
  • Lumen SASE with Versa
  • Lumen SASE with VMware
  • Network-based Security
  • SD-WAN with Cisco Meraki
  • SD-WAN with Versa Networks
  • Security Log Monitoring
  • All communication services
  • Cloud Voice
  • Hosted VoIP
  • Local Inbound (LI)
  • Lumen Solutions for Microsoft Teams
  • Lumen Solutions for Webex
  • Lumen Solutions for Zoom
  • Lumen Solutions for Zoom for Government
  • SIP Trunking
  • Unified Communications and Collaboration
  • Voice Complete
  • VoIP Enhanced Local (ELS)
  • VoIP services
  • Vyvx® Broadcast Solutions
  • North America
  • Asia Pacific (APAC)
  • Contact us APIs

Configuring a site-to-site VPN for IPsec VPN sites

Use Lumen® Private Cloud on VMware Cloud Foundation to configure a site‑to‑site VPN (virtual private network) for IPsec VPN sites. Use this VPN to connect Lumen Private Cloud on VMware Cloud Foundation to your Lumen® Edge Private Cloud service. After you configure this, you must configure your Lumen Cloud to finish the connection. For more security, consider enabling distributed firewalls on your networks.

To configure a site-to-site VPN for IPsec VPN sites:

  1. Click Networking.

    The Lumen Private Cloud on VMware Cloud Foundation portal shows the Networks screen.
Networking tab.
  1. Click Edge Gateways, then click the edge gateway you want to configure the site-to-site VPN for.
  1. Click IPSec VPN.
  1. Click NEW.
Add IPSec VPN Tunnel window showing General Settings
  1. In the General Settings section, complete the following fields to begin configuring the IPsec VPN tunnel:

    1. Name—Type a name for the IPSec VPN tunnel.

    2. Description—Type a description for the IPSec VPN tunnel.

    3. Security Profile—Select the security profile for the IPSec VPN tunnel. To expand the profile details, click located next to the profile.

    4. Status—To  enable the IPSec VPN tunnel, turn this option on.

    5. Logging—To enable logging activity on the IPSec VPN tunnel, turn this option on.
  1. Click NEXT.
Add IPSec VPN Tunnel window showing Peer Authentication Mode
  1. In the Peer Authentication Mode section, complete the following fields to determine the authentication:

    1. Authentication Mode—Select one of the following options:

      • Pre‑Shared Key—Use a pre‑shared key for authentication. The configuration of NAT (network address translation) determines the pre‑shared key. If you configure NAT on the remote ID, enter the private IP address of the remote site. Otherwise, use the public IP address of the remote device.

      • Certificate—User certificates for authentication. The remote ID must match the certificate SAN (Subject Alternative Name). If the certificate SAN is not available, the remote ID must match the distinguished name of the certificate used to secure the remote endpoint.

    2. Pre‑Shared Key—If your authentication uses a pre‑shared key, type the pre‑shared key for the IPSec VPN tunnel.

    3. Server Certificate—If you are authenticating using a certification, click Select, then select the server certificate in the Use VMware Cloud Director Certificate section.

    4. CA Certificate—If you are authenticating using a certification, click Select, then select the CA (certificate authority) certificate in the Use VMware Cloud Director Certificate section.
  1. Click NEXT.
Add IPSec VPN Tunnel window showing Endpoint Configuration
  1. In the Endpoint Configuration section, complete the following fields to configure the endpoints:

    1. IP address—Type the IP address of the local endpoint for the IPSec VPN tunnel.

    2. Networks—Type the network CIDRs, separated by commas, for the local endpoint that the IPSec VPN tunnel will use.

    3. IP Address—Type the IP address of the remote endpoint for the IPSec VPN tunnel.

    4. Networks—Type the network CIDRs, separated by commas, for the remote endpoint that the IPSec VPN tunnel will use.

    5. Remote ID—Type the unique identified for the remote endpoint. This remote ID depends on the authentication mode selected for the tunnel. If you do not set it, the remote ID defaults to the remote IP address.
  1. Click NEXT.
  1. In the Ready to Complete section, review the configuration, then click FINISH.

    Lumen Private Cloud on VMware Cloud Foundation configures the IPSec VPN tunnel.
  1. After the tunnel is created, click IPSec VPN to view the status.
Edge gateway IPsec VPN details