Configuring a Site-to-Site IPSec Tunnel to IBM Cloud

To establish a Site-to-Site IPSec VPN connection between your IBM server and your Perimeter 81 network, follow the steps below:

Configure a VPN Gateway at the IBM Cloud Console 

1. Open the VPC section in the IBM Cloud Console. Go to VPNs (under the Network tab).
2. Open the IKE Policies tab, then select New IKE Policy.
3. Choose an indicative Name, the Region in which the appropriate VPC lies, define the Resource group, then select Create IKE policy.
4. Once the policy has been created, select the three-dotted menu (...) and select Edit.
5. Fill in the following information:
  • IKE Version: 1
  • DH Group: 2
  • Authentication: sha256
  • Key Lifetime: 28800
  • Encryption: aes256
    Select Save IKE policy.
6. Open the IPSec Policies tab, then select New IPSec Policy.
7. Choose an indicative Name, the Region in which the appropriate VPC lies and define the Resource group, then select Create IPSec policy.
8. Once the policy has been created, select the three-dotted menu (...) and select Edit.
9. Fill in the following information:
  • Check PFS
  • DH Group: 2
  • Authentication: sha256
  • Key Lifetime: 3600
  • Encryption: aes256
    Select Save IPSec policy.
10. Open the VPN gateways tab, then select New VPN gateway.
11. Fill in the following information:
  • Name: Choose an indicative name of your choice
  • Virtual private cloud: Choose the desired cloud
  • Resource group: Choose the resource group
  • Subnet: Choose the appropriate subnet
12. Check New VPN Connection for VPC.
13. Fill in the following information:
  • Connection name: Set an indicative name
  • Peer gateway address: Insert your Perimeter 81 gateway IP
  • Preshared key: Insert a string of at least 8 characters containing upper-case letters, lower-case letters and numbers
  • Local subnet: Specify one or more subnets in the VPC you want to connect
  • Peer subnet: Unless you have custom configurations or multiple tunnels to the same Perimeter 81 gateway, insert 10.255.0.0/16
  • Dead peer detection action: Restart
  • Interval: 10 seconds
  • Timeout: 30 seconds
  • IKE policy: Choose the policy that was created earlier
  • IPSec policy: Choose the policy that was created earlier

Configure the Tunnel in the Perimeter 81 Platform

1. Enter your Perimeter 81 Management Platform. Under the Network tab in the left menu, select the name of the network in which you'd like to set the tunnel.
2. Locate the desired gateway, select the three-dotted menu (...), select Add Tunnel and then IPSec Site-2-Site Tunnel.
3. Fill in the following information:
  • Name: Specify an indicative name
  • Public IP: Insert the IP of the VPN Gateway you have just defined
  • Remote ID: Identical to Remote IP
  • Shared Secret: Insert the same preshared key you chose before
  • Perimeter 81 Gateway Proposal Subnets: 10.255.0.0/16 or according to what you defined in the IBM Cloud portal
  • Remote Gateway Proposal Subnets: Specify one or more subnets in the VPC you want to connect

4. In the Advanced Settings section, enter:
  • IKE Version: 1
  • IKE Lifetime: 8h
  • Tunnel Lifetime: 1h
  • Dead Peer Detection Delay: 10s
  • Dead Peer Detection Timeout: 30s
  • Encryption (Phase 1): aes256
  • Encryption (Phase 2): aes256
  • Integrity (Phase 1): sha256
  • Integrity (Phase 2): sha256
  • Diffie-Hellman Groups (Phase 1): 2
  • Diffie-Hellman Groups (Phase 2): 2 

Make sure the tunnel is up

1. Under the VPN gateways tab select the name of the VPN Gateway that is associated with the tunnel.

2. Scroll down and select View all connections.
3. You'll be able to see the status of the tunnel. If for some reason the tunnel is down, please make sure you configured all the fields according to this document. At any point, our support team will be happy to assist or troubleshoot.
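
The field-by-field check recommended in the last step can be scripted, since the two consoles express the same values in different units (28800 vs. 8h) and with the subnet roles mirrored. The Python below is an added example, not Perimeter 81 or IBM code; the dictionary key names and the 10.240.0.0/24 VPC subnet are constructed for illustration, and the remaining values are the ones this guide enters.

```python
import ipaddress
import re

UNITS = {"": 1, "s": 1, "seconds": 1, "m": 60, "h": 3600}
TIMED = {"p1_lifetime", "p2_lifetime", "dpd_interval", "dpd_timeout"}
# IBM "Local subnet" must equal P81 "Remote Gateway Proposal Subnets", and vice versa.
MIRRORED = {"local_subnets": "remote_subnets", "peer_subnets": "p81_subnets"}

# Values from this guide; key names and the 10.240.0.0/24 VPC subnet are constructed.
IBM = {"ike_version": "1", "p1_dh": "2", "p1_auth": "sha256", "p1_enc": "aes256",
       "p1_lifetime": "28800", "p2_dh": "2", "p2_auth": "sha256", "p2_enc": "aes256",
       "p2_lifetime": "3600", "dpd_interval": "10 seconds", "dpd_timeout": "30 seconds",
       "local_subnets": "10.240.0.0/24", "peer_subnets": "10.255.0.0/16"}
P81 = {"ike_version": "1", "p1_dh": "2", "p1_auth": "sha256", "p1_enc": "aes256",
       "p1_lifetime": "8h", "p2_dh": "2", "p2_auth": "sha256", "p2_enc": "aes256",
       "p2_lifetime": "1h", "dpd_interval": "10s", "dpd_timeout": "30s",
       "remote_subnets": "10.240.0.0/24", "p81_subnets": "10.255.0.0/16"}

def to_seconds(value):
    """Normalize '28800', '8h', '10s' or '10 seconds' to integer seconds."""
    m = re.fullmatch(r"\s*(\d+)\s*([a-z]*)\s*", str(value).lower())
    if not m or m.group(2) not in UNITS:
        raise ValueError(f"unrecognized duration: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def subnets(value):
    """Parse a comma-separated CIDR list into a set of networks."""
    return {ipaddress.ip_network(s.strip()) for s in value.split(",")}

def mismatches(ibm, p81):
    """Return the sorted IBM-side field names that disagree with the Perimeter 81 side."""
    bad = []
    for key, value in ibm.items():
        other = p81.get(MIRRORED.get(key, key))
        if other is None:
            ok = False  # field never entered on the Perimeter 81 side
        elif key in MIRRORED:
            ok = subnets(value) == subnets(other)
        elif key in TIMED:
            ok = to_seconds(value) == to_seconds(other)
        else:
            ok = value.strip().lower() == other.strip().lower()
        if not ok:
            bad.append(key)
    return sorted(bad)

if __name__ == "__main__":
    print(mismatches(IBM, P81) or "both sides match")
```

Any field name it returns is one to re-enter on one of the two sides before retrying the tunnel.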