How to set up an IPsec site-to-site VPN connection

To securely connect your cloud environment to a remote network, a site-to-site VPN connection can be configured within CloudPlatform. A site-to-site VPN connection requires a VPC. Our example environment is specified below:
 
CloudCentral CloudPlatform Example Environment:
Network range: 10.0.0.0/24
Gateway: 1.1.1.1
 
External Remote Network:
Network range: 192.168.0.0/24
Gateway: 2.2.2.2
 
  1. In CloudPlatform you may already be using a VPC for your networks. To check, select Network and change the Select view drop-down to VPC. If nothing appears here, you do not have a VPC set up and will need to click the Add VPC button towards the top right to create one. For further information regarding a VPC, see here.
  2. Next, a VPN customer gateway needs to be set up: in CloudPlatform select Network and change the Select view drop-down to VPN Customer Gateway.
  3. Click the Add VPN Customer Gateway button towards the top right.
  4. Fill out the details of the remote connection, that is, the external site that you want to connect to. Take note of these settings, as exactly the same configuration will also need to be used on the other side of the connection.
  5. In CloudPlatform select Network and change the Select view drop-down to VPC.
  6. Click the Configure button on the VPC that will be participating in the site to site connection.
  7. Click the Site-to-site VPNs button.
  8. Change the Select view drop-down to VPN Connection and click the Create VPN Connection button towards the top right.
  9. Set the VPN Customer Gateway drop-down to the VPN customer gateway that you created in step 4; it will try to connect. If the other side is not yet ready, you can click on the IP address that was added and select the Restart VPN Connection button to force it to retry once the other side is ready.
  10. This side is now configured and ready to use. On the other side of the site-to-site connection, ensure the same crypto settings and pre-shared key as entered in step 4 are used. The CIDR range specified on the other end would be the range in CloudPlatform, so 10.0.0.0/24. To determine the gateway IP address, in CloudPlatform select Network, change the Select view drop-down to VPC, click the Configure button on the VPC that is participating in the site-to-site VPN connection, then click the Public IP Addresses button; the gateway will be the public IP address listed as [Source NAT].

Once the site-to-site VPN connection has been established you will need to specify inbound and outbound firewall rules as ACLs. This is done in CloudPlatform by selecting Network, changing the Select view drop-down to VPC, clicking the Configure button on the VPC that is participating in the site-to-site VPN connection, then clicking Network ACL Lists. In our example, we would have an ACL applied to the 10.0.0.0/24 network where we could allow specific IP addresses within the remote network range 192.168.0.0/24 in on specific ports.
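As an added illustration (not part of the original article), this is what the matching remote-side configuration from step 10 might look like if the gateway at 2.2.2.2 runs strongSwan; the IKE/ESP algorithms, lifetimes and DPD values are assumptions standing in for whatever was entered in step 4, and the pre-shared key is a placeholder.

```conf
# /etc/ipsec.conf on the remote gateway (2.2.2.2), strongSwan syntax.
# Added example, not from the original article: algorithm, lifetime and
# DPD values are assumed and must match what was entered in step 4.
config setup
    charondebug="ike 1, cfg 1"

conn cloudplatform-s2s
    keyexchange=ikev1
    authby=secret
    type=tunnel
    # This side: the remote network behind 2.2.2.2
    left=2.2.2.2
    leftsubnet=192.168.0.0/24
    # CloudPlatform side: the VPC's [Source NAT] public IP and the VPC CIDR
    right=1.1.1.1
    rightsubnet=10.0.0.0/24
    # IKE and ESP proposals (assumed values); the trailing "!" makes them strict,
    # so a mismatch with the customer gateway settings fails loudly instead of
    # silently negotiating down to a weaker proposal
    ike=aes128-sha1-modp1536!
    esp=aes128-sha1-modp1536!
    # Lifetimes (assumed): IKE SA and ESP SA, matching the step 4 values
    ikelifetime=86400s
    lifetime=3600s
    # Dead Peer Detection, enabled on both ends
    dpdaction=restart
    dpddelay=30s
    auto=start

# The pre-shared key goes in /etc/ipsec.secrets, one line, same value as step 4:
#   2.2.2.2 1.1.1.1 : PSK "<pre-shared key from step 4>"
```

After loading the configuration, `ipsec statusall` on the remote gateway should show the tunnel as ESTABLISHED with 192.168.0.0/24 === 10.0.0.0/24 as the installed traffic selectors; if it does not come up, recheck that every proposal value matches step 4 exactly, then use Restart VPN Connection as described in step 9.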
