---
title: "Setting up an IPsec Tunnel with NSX (EN)"
description: "Learn how to configure an IPsec tunnel"
url: https://docs.ovhcloud.com/it/guides/hosted-private-cloud/powered-by-vmware/nsx-configure-ipsec
lang: it
lastUpdated: 2023-07-05
---
# Setting up an IPsec Tunnel with NSX (EN)

## Objective

**Learn how to configure an IPsec tunnel with NSX.**

:::warning
OVHcloud provides you with services for which you are responsible for configuration, management, and liability. It is your responsibility to ensure their proper functioning.

This guide aims to assist you with common tasks. However, we recommend seeking assistance from a [specialized provider](https://partner.ovhcloud.com/it/directory/) if you encounter difficulties or have doubts regarding the administration, usage, or implementation of a service on a server.

:::

## Prerequisites

- Being the administrative contact for the [VMware on OVHcloud infrastructure](https://www.ovhcloud.com/en/enterprise/products/hosted-private-cloud/), and having received the connection credentials.
- An active user account with specific rights for NSX (created in the <ManagerLink to="/">OVHcloud Control Panel</ManagerLink>).
- Having **NSX** deployed with two configured segments in your NSX configuration. Refer to our guide on [NSX segment management](/it/guides/hosted-private-cloud/powered-by-vmware/nsx-segment-management.md) for more information.

## Instructions

Here is the tunnel we want to establish between two infrastructures:

![12 Create IPSec 01](/images/hosted-private-cloud/powered-by-vmware/nsx-12-configure-ipsec/12-create-ipsec-01.png)
From the NSX interface, go to the `Networking
` tab, select `VPN
` under the **VPN Services**
 section and click on `ADD SERVICE
`, then select `IPSec
`.
Provide the following information:

- **Name**: Enter a name.
- **Tier-0/Tier-1 Gateway**: Enter `ovh-T0-gw | Tier-0`.

![12 Create IPSec 02](/images/hosted-private-cloud/powered-by-vmware/nsx-12-configure-ipsec/12-create-ipsec-02.png)
Next, you need to specify the parameter type for the different IPSec stages. To do this, you will need to provide the IKE, IPSec, and DPD profiles (default profiles may already be provided).

From the NSX interface, go to the `Networking
` tab, select `VPN
` under the **Profiles**
 section, choose `IKE PROFILES
` then click `ADD IKE PROFILE
`.
Provide the following information with your parameters:

- **Name**: Enter a name.
- **IKE Version**: Enter the IKE version.
- **Encryption Algorithm**: Choose the algorithm.
- **Digest Algorithm**: Choose the algorithm.
- **Diffie-Hellman**: Choose the group.

![12 Create IPSec 03](/images/hosted-private-cloud/powered-by-vmware/nsx-12-configure-ipsec/12-create-ipsec-03.png)
Next, from the NSX interface, go to the `Networking
` tab, select `VPN
` under the **Profiles**
 section, choose `IPSec PROFILES
`, then click `ADD IPSEC PROFILE
`. Complete the IPSec information with your parameters.
Finally, from the NSX interface, go to the `Networking
` tab, select `VPN
` under the **Profiles**
 section. Choose `DPD PROFILES
` and click `ADD DPD PROFILE
`. Complete the DPD information with your parameters.
Next, you need to create a Local Endpoint:

From the NSX interface, go to the `Networking
` tab, select `VPN
` under the **Local Endpoint**
 section and click `ADD LOCAL ENDPOINT
`.
Complete the following information with your parameters:

- **Name**: Enter a name.
- **IPSec Service**: Select the previously created VPN service.
- **IP Address**: Select an available IP from your range of public IPs associated with the PCC.
- **Local ID**: Enter the local ID of the IPSec tunnel.

![12 Create IPSec 04](/images/hosted-private-cloud/powered-by-vmware/nsx-12-configure-ipsec/12-create-ipsec-04.png)
Finally, you need to complete the IPSec session configuration.

From the NSX interface, go to the `Networking
` tab, select `VPN
` under the **IPSec Sessions**
 section and click `ADD IPSEC SESSION
`.
Complete the following information with your parameters:

- **Name**: Enter a name.
- **Type**: Policy Based.
- **VPN Service**: Select the previously created VPN Service.
- **Local Endpoint**: Select the previously created Local Endpoint.
- **Remote IP**: Select the IP of the remote IPSec tunnel.
- **Authentication Mode**: Choose the authentication mode (e.g. PSK).
- **Pre-shared Key**: Enter the shared key for the IPSec tunnel.
- **Local Networks**: Enter the local networks to advertise.
- **Remote Networks**: Enter the remote networks to know.
- **Remote ID**: Enter the remote ID of the tunnel.

Under `Advanced Properties
`, complete the following information with your parameters:
- **IKE Profiles**: The previously created IKE profile or default profiles.
- **IPSec Profiles**: The previously created IPSec profile or default profiles.
- **DPD Profiles**: The previously created DPD profile or default profiles.

![12 Create IPSec 05](/images/hosted-private-cloud/powered-by-vmware/nsx-12-configure-ipsec/12-create-ipsec-05.png)
If everything is properly configured on the other side, you should see a green "Success" status.

## Go further

[Getting Started with NSX](/it/guides/hosted-private-cloud/powered-by-vmware/nsx-first-steps.md)

[NSX Segment Management](/it/guides/hosted-private-cloud/powered-by-vmware/nsx-segment-management.md)

[VMware Documentation on NAT in NSX](https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-7AD2C384-4303-4D6C-A44A-DEF45AA18A92.html)

If you require training or technical assistance for the implementation of our solutions, contact your account manager or click [this link](https://www.ovhcloud.com/it/professional-services/) to request a quote and a personalized analysis of your project from our Professional Services team.

Join our community of users on [https://community.ovh.com/en/](https://community.ovh.com/en/).