Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 27 subscribers
  • Views 5888 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ipsec Site to Site VPN from Google Cloud to Cyberoam

Alejandro Rodriguez

How can I make an ipsec connection Site to Site VPN from Google Cloud to Cyberoam?



This thread was automatically locked due to age.
  • 0

    Hi Alejandro , 

     

    We basically support Policy based Route for now. Use IKEv1.

    Disable Pass compression. 

     Configuration on Google Cloud VPC . 

    1. Go to the VPN page in the Google Cloud Platform Console. 
      GO TO THE VPN PAGE
    2. Click Create.
    3. Populate the following fields for the gateway:
      • Name — The name of the VPN gateway. This name is displayed in the console and used in by the gcloud tool to reference the gateway.
      • Network — The VPC network containing the instances the VPN gateway will serve.
      • Region — The region where you want to locate the VPN gateway. Normally, this is the region that contains the instances you wish to reach. Example: us-central1
      • IP address — Select a pre-existing static external IP address. If you don't have a static external IP address, you can create one by clicking New static IP address in the pull-down menu.
    4. Populate fields for at least one tunnel:
      • Remote peer IP address — Public IP address of the on-premises gateway. This is the public IP address of the other VPN gateway, not the one you are currently configuring.
      • IKE version — IKEv2 or IKEv1. Use IKEv2 if it's supported by the on-premises gateway.
      • Shared secret — Used in establishing encryption for that tunnel. You must enter the same shared secret into both VPN gateways. If the VPN gateway device on the other side of the tunnel doesn't generate one automatically, you can make one up.
      • Routing options — Select Policy-based.
      • Remote network IP range — The range, or ranges, of the peer network, which is the network on the other side of the tunnel from the Cloud VPN gateway you are currently configuring.
      • Local subnets — Specifies which IP ranges will be routed through the tunnel. This value cannot be changed after the tunnel is created because it is used in the IKE handshake.
        • Select the gateway's entire subnet in the pull-down menu. Or, you can leave it blank since the local subnet is the default.
        • Leave Local IP ranges blank except for the gateway's subnet.

    As on Cyberoam, you may use the standard IPsec Connections and match the profile . 

  • 0 in reply to Aditya Patel

    I already do the Google procedure, but when it's going to connect I get this message: Please verify that the network range and the remote network IP ranges of the tunnel match the configured IP ranges on the peer device.