Skip to main content

Tutorial: Connect Your GCP VPC to CloudConnexa using IPsec

Abstract

This tutorial shows how to configure an IPsec connection to your GCP VPC. Once configured, a site-to-site IPsec tunnel connects your GCP VPC to the configured CloudConnexa Region. On a successful connection, your CloudConnexa users and other networks connected to any of CloudConnexa's Regions can access your VPC.

This tutorial shows how to configure an IPsec connection to your GCP VPC. Once configured, a site-to-site IPsec tunnel connects your GCP VPC to the configured CloudConnexa Region. On a successful connection, your CloudConnexa users and other networks connected to any of CloudConnexa's Regions can access your VPC.

  3. Add a Network using the Network Configuration Wizard to represent your Cisco private network and select the IPsec Tunneling Protocol option.

  4. In the Connector configuration step, select GCP from the Public Cloud Providers (IAAS)section of the Platform to Connect drop-down menu. Refer to CloudConnexa Connectors and About Network Connectors.

    Instructions will appear on how to configure IPsec connectivity with CloudConnexa.

    You will see three steps:

    1. Create GCP VPN: You must configure the GCP VPN with the information needed to connect to the selected CloudConnexa Region.

    2. Setup CloudConnexa Tunnel: You will provide the Remote Site IP address, configuration, and pre-shared key or certificate to set up the IPsec tunnel.

    3. Verify Connectivity: After configuring the tunnel on both sides, click “Test Connection” to check that CloudConnexa can connect to your network.

  5. Go to the VPN section of Google Cloud Console.

  6. Choose Classic VPN when you Create a new VPN connection.

  7. For the Google Compute Engine VPN gateway, use the settings below:

    1. Name - Enter a valid name.

    2. Network - select the VPC you want to connect to CloudConnexa.

    3. Region - select a GCP Region close to the CloudConnexa Region chosen for the IPsec Connector.

    4. IP Address - create a new one or select an existing static IP address for the VPN Gateway. This is the IP address you will use as the Remote Site Public IPv4 Address in a later step.

  8. For the New Tunnel, use the following settings:

    1. Name - any valid name

    2. Remote Peer Address - enter the one provided in CloudConnexa's Create GCP VPN section of instructions.

    3. IKE Version - IKEv2

    4. IKE pre-shared key - Type in random text and paste it in the Pre-shared Key (PSK) field of CloudConnexa's Setup CloudConnexa Tunnel section.

      Note

      Do not use the Generate and Copy option to generate the PSK key, as the keys it creates may be incompatible with the PSK string validation rules for CloudConnexa.

    5. Routing options - Policy-based

    6. Remote network IP ranges - Enter the one provided in CloudConnexa's Create GCP VPN section of instructions one by one.

    7. Local IP ranges - enter subnets that belong to GCP VPC.

  9. Click Done.

  10. Click Create.

    The created VPN tunnel and CloudVPN gateway will be displayed after a few moments.

  11. In the Setup CloudConnexa Tunnel section, provide your Google Compute Engine VPN gateway public IPv4 address (see, Step 7.d) in the Remote Site Public IPv4 Address text field and the VPN tunnel PSK in the Pre-shared Key (PSK) field (see, Step 8.d).

  12. In the Verify Connectivity section, click Test Connection to check connectivity and click View Logs to see any logs to troubleshoot failures.

  13. Continue with the network wizard instructions.

In this section: