It is common to need secure access to services on servers in Voonami's cloud, such as RDP or SSH, that you don't want to expose to the entire internet. An IPSec tunnel can be used to provide an always-on tunnel between two private networks, such as your office and the network in your cloud environment. The following steps will help you set up a tunnel between your edge gateway in Voonami's cloud and the networking equipment in your office.

  1. Log in to your cloud portal.

  2. Select the 'Administration' tab on the top left of your main window and then double-click your virtual datacenter.

  3. On the next screen, select the 'Edge Gateways' tab, then right-click your edge gateway or select it (it will be highlighted in blue) and select the gear icon to pull down the options. Choose 'Edge Gateway Services.'

  4. Select the VPN tab and then select "Add..."

  5. Fill in the fields below:

    1. Name: A descriptive name to identify the tunnel, e.g. voonami-cloud-to-hq
    2. Description: An optional description.
    3. Enable this VPN configuration: Make sure this box is checked if you want to enable this tunnel.
    4. Establish VPN to: To get to your office, change the drop-down to "a remote network".
    5. Local Networks: Select the network in your cloud environment that you want to be able to access via the tunnel.
    6. Peer Networks: The network in your office that you want to connect to the network in your cloud environment.
    7. Local Endpoint: Typically, this will be the cloud201-pub option.
    8. Local ID: An ID to uniquely identify the local endpoint. This is the IP address of the Edge Gateway.
    9. Peer ID: An ID to uniquely identify the peer, such as your office. This will often be your office's public IP address.
    10. Peer IP: IP address used to reach the peer. If you have to go through NAT to reach the tunnel endpoint in your office, this will be the IP address on the public side of the NAT.
    11. Encryption Protocol: Select one of the available protocols that your endpoint will support.
    12. Shared Key: This is the 'password' used on both sides to establish the tunnel. You can use the auto-generated key provided or create/provide your own.
    13. MTU: Typically will be 1500.
  6. Click "OK" and then "OK" again. These changes can take up to a few minutes to be implemented on your edge gateway.
  7. Next, set up the tunnel on your endpoint in your office. Your endpoint may present some additional options that cannot be changed on the Edge Gateway; set them to match the following values:
    1. Keepalive Frequency: 10
    2. Dead Peer Detection: On Idle
    3. IKE Version: 1
    4. Mode: Main (ID Protection)
    5. Diffie-Hellman Group (Phase 1 & Phase 2): 2
    6. Phase 1 Key Lifetime (in seconds): 28800
    7. Perfect Forward Secrecy (PFS): Enabled
    8. Phase 2 Auto-negotiate: Enabled
    9. Phase 2 Autokey Keep Alive: Enabled
    10. Phase 2 Key Lifetime (in seconds): 3600
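
An office-side configuration matching the fixed values above, as an added example that is not part of the original article or Voonami's own material. It assumes the office endpoint runs strongSwan (legacy ipsec.conf format) and that AES-256 with SHA-1 integrity was selected as the Encryption Protocol; all addresses and networks are constructed placeholders.

```conf
# /etc/ipsec.conf on the office endpoint (assumed: strongSwan, legacy format)
# Constructed placeholder values, replace with your own:
#   198.51.100.20   = office public IP  (Peer ID / Peer IP on the Edge Gateway)
#   192.168.10.0/24 = office network    (Peer Networks)
#   203.0.113.10    = Edge Gateway IP   (Local ID)
#   10.0.0.0/24     = cloud network     (Local Networks)

conn voonami-cloud-to-hq
    keyexchange=ikev1           # IKE Version: 1
    aggressive=no               # Mode: Main (ID Protection)
    authby=secret               # authenticate with the Shared Key
    left=%defaultroute          # office side
    leftid=198.51.100.20
    leftsubnet=192.168.10.0/24
    right=203.0.113.10          # Edge Gateway side
    rightid=203.0.113.10
    rightsubnet=10.0.0.0/24
    # modp1024 is Diffie-Hellman group 2. AES-256 and SHA-1 are assumptions;
    # use the Encryption Protocol you selected on the Edge Gateway.
    # The trailing "!" makes the proposal strict (no fallback to defaults).
    ike=aes256-sha1-modp1024!   # Phase 1 proposal
    esp=aes256-sha1-modp1024!   # Phase 2 proposal; the DH group enables PFS
    ikelifetime=28800s          # Phase 1 Key Lifetime
    lifetime=3600s              # Phase 2 Key Lifetime
    dpdaction=restart           # Dead Peer Detection: renegotiate if the peer is gone
    dpddelay=10s                # assumed probe interval, not a value from the list
    auto=start                  # initiate the tunnel at startup

# /etc/ipsec.secrets (same Shared Key as entered on the Edge Gateway):
# 198.51.100.20 203.0.113.10 : PSK "<shared-key-placeholder>"
```

Keep the secrets file readable by root only, since it holds the Shared Key in plain text.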
