VMware NSX

 View Only

NSX-T Micro Segmentation Design Questions

  • 1.  NSX-T Micro Segmentation Design Questions

    Posted Jun 14, 2021 10:41 PM

    In a current NSX-V deployment have the a subnet defined for my NSX edges outside interface and a 1-to-1 NAT at the upstream firewall to allow for VPN services to terminate directly on the Edge Gateway (all static routing).  In the new NSX-T environment trying to accomplish something similar(currently disabled BGP on the tier-0 gateway and have a static route pointing to the firewall).  I have it deployed and I'm able to get the Tier-0 gateway on the same vlan and ping it from the upstream firewall, but trying to understand how the vpn services are setup for multiple tenants who should have no connectivity east-west.  I've setup the firewall w/ common items in the infrastructure, setup groups and rules to block the east-west traffic as well.  I deployed a VPN Server as well under networking and applied it to the only T1 gateway I have at the moment.  Do I need to deploy a new T1 for each tenant and associate a new vpn service w/ that T1 or can I use 1 service and just define multiple Local Endpoints and connect different sites that way?