The Perimeter 81 SASE Network offers several different ways to connect your cloud/on-premises infrastructure. While our solution is hardware-free, there are some minimal requirements for a successful Site-to-Site connection, which are covered in this article:
- Internal network-compliant subnet
- A router that supports IPsec tunneling
- A WireGuard tunnel uses a Linux server that is free to host the connection (it can be a virtual machine)
Internal Network Subnet
The Perimeter 81 SASE network is designed according to internationally acknowledged standards and follows the RFC conventions regulated by the American internet authorities. To successfully incorporate Perimeter 81 into your architecture, please make sure that:
- Your internal network follows industry-accepted design patterns.
- VPCs or data centers (DCs) with overlapping subnets do not reside in the same network.
- Your Perimeter 81 Network subnet does not overlap with your network subnet.
- All subnet masks are either class B or C (HIGHLY RECOMMENDED).
- (Recommended, not a must) Your internal network has a static public IP.
If you plan to connect a site with this CIDR, you might experience an IP conflict with users trying to reach this from home.
You may want to change it to anything else (for example 192.168.81.0/24 or 10.81.0.0/24) prior to connecting a site to your Perimeter 81 network.
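An added example (not Perimeter 81's own tooling) that checks a planned layout against the subnet rules above before any tunnel is configured. The function name `audit_subnets`, the sample CIDRs, and the reading of "class B or C" as a /16 to /24 prefix are assumptions; the page does not state the Perimeter 81 network range or which CIDR conflicts with home networks, so both are supplied by the caller.

```python
import ipaddress
from itertools import combinations


def audit_subnets(p81_network, sites, remote_lans=()):
    """Return (severity, message) findings for a planned Site-to-Site layout.

    p81_network: CIDR of the Perimeter 81 network subnet.
    sites:       dict of site name -> CIDR (VPCs, data centers, offices).
    remote_lans: CIDRs known to be used on remote users' local networks.
    strict=True makes a CIDR with host bits set (10.81.0.5/24) raise ValueError.
    """
    findings = []
    p81 = ipaddress.ip_network(p81_network, strict=True)
    nets = {n: ipaddress.ip_network(c, strict=True) for n, c in sites.items()}

    for name, net in nets.items():
        if net.overlaps(p81):
            findings.append(("error", f"{name} {net} overlaps the Perimeter 81 network {p81}"))
        # Assumed reading of "class B or C": prefix length from /16 to /24.
        if not 16 <= net.prefixlen <= 24:
            findings.append(("warn", f"{name} {net} has a /{net.prefixlen} mask, outside /16-/24"))
        for lan in remote_lans:
            if net.overlaps(ipaddress.ip_network(lan)):
                findings.append(("warn", f"{name} {net} collides with remote user LAN {lan}"))

    # Sites that overlap each other cannot be routed unambiguously in one network.
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            findings.append(("error", f"{a} {na} overlaps {b} {nb}"))
    return findings


# Constructed sample layout, not taken from any real deployment.
SAMPLE_P81 = "10.255.0.0/16"
SAMPLE_SITES = {
    "aws-vpc": "10.81.0.0/24",
    "office": "192.168.1.0/24",
    "datacenter": "10.0.0.0/8",
    "dr-site": "10.20.30.0/24",
}

if __name__ == "__main__":
    for severity, msg in audit_subnets(SAMPLE_P81, SAMPLE_SITES, ["192.168.1.0/24"]):
        print(f"[{severity}] {msg}")
```

Treat every "error" finding as blocking: renumber one side before creating the tunnel, since overlapping routes fail in ways that are hard to diagnose afterwards.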
A Site-to-Site connection between your Perimeter 81 Network and your Cloud infrastructure can be easily implemented with any IaaS provider. However, if you'd like to connect to your on-premises infrastructure, make sure that at least one of the following requirements is fulfilled.
IPSec Tunneling Support
Make sure your edge device (firewall or router) supports IPSec point-to-point tunneling using IKEv2. IPSec passthrough devices will not work.
If you are not sure, you can search our "Connect On-Prem Resources" section or look at the manufacturer's official documentation.
If it is not supported, or if you prefer avoiding adjustments in your Firewall or Router Interface, move on to the next step.
A Site-to-Site connection can also be achieved by deploying a Perimeter 81 connector on a virtual or bare-metal server that can reach your desired resources and fulfills the following requirements:
- Kernel: Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, 23.04, CentOS 7, or CentOS 8 (RedHat distributions)
- Packages installed: (Ubuntu) curl, dig, software-properties-common; or (CentOS) curl, bind-utils
- Free Disk Space: 20 GB available
- Free Memory: 2 GB RAM
- A static internal IP address
- The network adapter cannot be NAT, only Bridge.
- If you are hosting the Linux machine on a Windows host, virtualization must be enabled in the Windows host's BIOS.
Once you have made sure these prerequisites are fulfilled, you can move on to the next stage: choosing the Site-to-Site connection type that best fits your use case.