Add-NsxIPsecSite
NAME Add-NsxIPsecSite
SYNOPSIS
Add the IPsec Site configuration of an existing NSX Edge Services
Gateway.
SYNTAX
Add-NsxIPsecSite [-IPsec] <XmlElement> [-Enabled] [-Name <String>] [-Description <String>] -localId <String>
-localIp <IPAddress> -localSubnet <String[]> -peerId <String> -peerIp <String> -peerSubnet <String[]>
[-encryptionAlgorithm <String>] [-authenticationMode <String>] [-enablepfs] [-dhgroup <String>] [-psk <String>]
[-extension <String>] [-Connection <PSObject>] [<CommonParameters>]
DESCRIPTION
An NSX Edge Service Gateway provides all NSX Edge services such as firewall,
NAT, DHCP, VPN IPsec, load balancing, and high availability.
NSX supports site-to-site IPsec VPN between an NSX Edge instance and
remote sites. Certificate authentication, preshared key mode, IP unicast
traffic, and no dynamic routing protocol are supported between the NSX Edge
instance and remote VPN routers.
The Add-NsxIPsecSite cmdlet configures the site IPsec configuration of
the specified Edge Services Gateway.
PARAMETERS
-IPsec <XmlElement>
Required? true
Position? 2
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false
-Enabled [<SwitchParameter>]
Required? false
Position? named
Default value True
Accept pipeline input? false
Accept wildcard characters? false
-Name <String>
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Description <String>
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-localId <String>
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-localIp <IPAddress>
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-localSubnet <String[]>
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-peerId <String>
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-peerIp <String>
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-peerSubnet <String[]>
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-encryptionAlgorithm <String>
Required? false
Position? named
Default value AES
Accept pipeline input? false
Accept wildcard characters? false
-authenticationMode <String>
Required? false
Position? named
Default value PSK
Accept pipeline input? false
Accept wildcard characters? false
-enablepfs [<SwitchParameter>]
Required? false
Position? named
Default value True
Accept pipeline input? false
Accept wildcard characters? false
-dhgroup <String>
Required? false
Position? named
Default value dh14
Accept pipeline input? false
Accept wildcard characters? false
-psk <String>
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-extension <String>
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Connection <PSObject>
PowerNSX Connection object
Required? false
Position? named
Default value $defaultNSXConnection
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
-------------------------- EXAMPLE 1 --------------------------
PS C:\>Get-NsxEdge Edge01 | Get-NsxIPsec | Add-NsxIPsecSite -localID localid -localIP 1.1.1.1 -localSubnet 192.168.23.0/24 -peerId peerid -peerIP 2.2.2.2 -peerSubnet 192.168.44.0/24 -psk VMware1!
Add an IPsec site using PSK and default settings.
-------------------------- EXAMPLE 2 --------------------------
PS C:\>Get-NsxEdge Edge01 | Get-NsxIPsec | Add-NsxIPsecSite -localID localid -localIP 1.1.1.1 -localSubnet 192.168.23.0/24 -peerId peerid -peerIP 2.2.2.2 -peerSubnet 192.168.44.0/24 -authenticationMode x.509
Add an IPsec site using certificate authentication and default settings.
The certificate must already be enabled in the IPsec global configuration.
-------------------------- EXAMPLE 3 --------------------------
PS C:\>Get-NsxEdge Edge01 | Get-NsxIPsec | Add-NsxIPsecSite -localID localid -localIP 1.1.1.1 -localSubnet 192.168.23.0/24 -peerId peerid -peerIP 2.2.2.2 -peerSubnet 192.168.44.0/24 -psk VMware1! -dhgroup dh14 -encryptionAlgorithm AES256
Add an IPsec site using PSK and custom settings (use dhgroup dh14 and encryption AES256).
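Examples 1 and 3 type the PSK as a literal on the command line. The following is an added example, not part of the PowerNSX help text: it prompts for the key, validates the subnets, and sets the cipher, DH group and PFS explicitly instead of relying on defaults. Test-Cidr is a hypothetical helper; the edge name, IDs, IPs and subnets are the placeholder values from the examples above.

```powershell
# Added example; not part of the PowerNSX help text.
# Test-Cidr is a hypothetical helper. Edge name, IDs, IPs and subnets are the
# placeholder values from the examples above.
function Test-Cidr {
    # $true when $Cidr is a well-formed IPv4 prefix such as 192.168.23.0/24
    param([Parameter(Mandatory)][string]$Cidr)
    $addr, $len = $Cidr -split '/', 2
    if ($addr -notmatch '^(\d{1,3}\.){3}\d{1,3}$') { return $false }
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($addr, [ref]$ip)) { return $false }
    return ($len -match '^\d{1,2}$') -and ([int]$len -le 32)
}

$localSubnet = @('192.168.23.0/24')
$peerSubnet  = @('192.168.44.0/24')
foreach ($cidr in ($localSubnet + $peerSubnet)) {
    if (-not (Test-Cidr -Cidr $cidr)) { throw "Not a valid IPv4 CIDR: $cidr" }
}

# Read the PSK interactively so the literal is not typed on the command line
# and does not land in PSReadLine history.
$securePsk = Read-Host -Prompt 'IPsec pre-shared key' -AsSecureString

$site = @{
    localId             = 'localid'
    localIp             = '1.1.1.1'
    localSubnet         = $localSubnet
    peerId              = 'peerid'
    peerIp              = '2.2.2.2'
    peerSubnet          = $peerSubnet
    authenticationMode  = 'PSK'
    encryptionAlgorithm = 'AES256'
    dhgroup             = 'dh14'
    enablepfs           = $true
    # -psk is a String parameter, so the SecureString is converted only here.
    psk                 = [System.Net.NetworkCredential]::new('', $securePsk).Password
}

Get-NsxEdge Edge01 | Get-NsxIPsec | Add-NsxIPsecSite @site

# Drop the plaintext copy once the call has returned.
$site.Remove('psk')
```

The key still reaches Add-NsxIPsecSite as a plain String, so this keeps it out of shell history and scripts on disk, not out of process memory.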
RELATED LINKS