How to set up an IPSEC Tunnel using Perimeter81 to Google Cloud Platform


In order to establish a Site-to-Site IPSEC VPN connection between GCP and Perimeter 81, please follow the steps below:

 

Create P81 Private Server

  1. You first need to have a private server defined. If you don't have one yet, please follow the steps here: https://docs.perimeter81.com/docs/create-a-private-vpn-server

  2. Write down the IP address of the private server that you just created. You will need it in the GCP tunnel configuration below.

 

Google Cloud Platform Configuration

The GCP configuration consists of a few steps, which need to be applied for every VPC.


  1. Create Virtual Private Gateway
  2. Create Virtual Private Network Tunnel
  3. Configure the Routing Rules to the VPC network.
  4. Allow incoming connections from the P81 local network using the firewall rules.

1 & 2. Create Virtual Private Gateway & Tunnel

Go to the Hybrid Connectivity in the Google Cloud Platform Console.

Under the left menu go to VPN:

Hybrid Connectivity -> VPN


Populate the following fields for the gateway:

  • Name — The name of the VPN gateway. This name is displayed in the console and used by the gcloud tool to reference the gateway. Usually it is the same as the name of the Perimeter 81 Private Location.
  • Network — The VPC network containing the instances the VPN gateway will serve.
  • Region — The region where you want to locate the VPN gateway. Normally, this is the region that contains the instances you wish to reach. Example: us-central1.
  • IP address — Select a pre-existing static external IP address (https://cloud.google.com/compute/docs/ip-addresses#reservedaddress). If you don't have a static external IP address, you can create one by clicking New static IP address in the pull-down menu.

Populate fields for at least one tunnel:

  • Name - The name of the VPN tunnel. Example - Perimeter 81 - Production
  • Remote peer IP address — Public IP of the Perimeter 81 Private Network.
  • IKE version — Select IKEv2
  • Shared secret — Enter the shared secret provided in the configuration file (contact support@perimeter81.com to get this).
  • Routing options — Select Route-based.
  • Remote network IP range — The range, or ranges, of the on-premises network, which is the network on the other side of the tunnel from the Cloud VPN gateway you are currently configuring. Specify 10.255.0.0/16

Click Create to create the gateway and initiate all tunnels, though the tunnels will not connect until you've completed the additional steps below.

3. Configure the Routing Rules to the VPC network

Go to the VPC Network in the Google Cloud Platform Console.

Under the left menu go to Routes:

Click Create Route Rule and populate the following fields for the routing rule:

  • Name — The name of the VPN gateway. This name is displayed in the console and used by the gcloud tool to reference the gateway.
  • Network - The VPC network containing the instances the VPN gateway will serve (should be the same network as selected in the previous step).
  • Destination Network IP range — The range, or ranges, of the on-premises network, which is the network on the other side of the tunnel from the Cloud VPN gateway you are currently configuring. Specify 10.255.0.0/16.
  • Next hop - Select Specify VPN Tunnel.
  • Next hop VPN tunnel - Select the VPN tunnel you created in the previous step.
  • Click Create.

4. Allow incoming connections from P81 local network using the firewall rules

Go to the VPC Network in the Google Cloud Platform Console.

Under the left menu go to Firewall Rules:

Click Create Firewall Rule and populate the following fields for the firewall rule:

  • Name: p81-allow-tcp-udp-icmp
  • Network - The VPC network containing the instances the VPN gateway will serve (should be the same network as selected in the previous step).
  • Source filter: IP ranges.
  • Direction of traffic should be Ingress and Egress for firewall rules
  • Source IP ranges: 10.255.0.0/16
  • Allowed protocols or ports: tcp; udp; icmp
  • Target tags: Any valid tag or tags.
  • Click Create
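
The console steps 1 to 4 above, expressed as gcloud commands. This is an added example, not taken from the Perimeter 81 documentation; it assumes a Classic VPN gateway, and every resource name, the tag and the peer IP are placeholders (only 10.255.0.0/16 comes from this article). The function prints the commands for review instead of running them, and the shared secret is referenced as an environment variable so it never appears in the script or its output. It emits the ingress rule only, since source IP ranges apply to ingress rules.

```shell
#!/bin/sh
# Added example: prints (never runs) gcloud commands for console steps 1-4.
# Every value except 10.255.0.0/16 is a placeholder assumption.
p81_gcp_commands() (
  net="${NETWORK:-my-vpc}"; region="${REGION:-us-central1}"
  gw="${GATEWAY:-p81-gateway}"; tunnel="${TUNNEL:-p81-production}"
  addr="${ADDRESS:-p81-vpn-ip}"; tag="${TARGET_TAG:-p81-reachable}"
  peer="${PEER_IP:-203.0.113.10}"  # P81 private server IP (documentation address)
  p81="10.255.0.0/16"              # remote range given in the article
  fr="gcloud compute forwarding-rules create"
  to_gw="--region $region --address $addr --target-vpn-gateway $gw"
  cat <<EOF
set -eu
: "\${P81_PSK:?export the shared secret first}"
# Steps 1-2: gateway, static IP, ESP/IKE/NAT-T forwarding rules, tunnel
gcloud compute target-vpn-gateways create $gw --network $net --region $region
gcloud compute addresses create $addr --region $region
$fr ${gw}-esp $to_gw --ip-protocol ESP
$fr ${gw}-udp500 $to_gw --ip-protocol UDP --ports 500
$fr ${gw}-udp4500 $to_gw --ip-protocol UDP --ports 4500
gcloud compute vpn-tunnels create $tunnel --region $region \\
  --target-vpn-gateway $gw --peer-address $peer --ike-version 2 \\
  --shared-secret "\$P81_PSK" \\
  --local-traffic-selector 0.0.0.0/0 --remote-traffic-selector 0.0.0.0/0
# Step 3: send the Perimeter 81 range into the tunnel
gcloud compute routes create ${tunnel}-route --network $net \\
  --destination-range $p81 --next-hop-vpn-tunnel $tunnel \\
  --next-hop-vpn-tunnel-region $region
# Step 4: ingress from the Perimeter 81 range to tagged instances only
gcloud compute firewall-rules create p81-allow-tcp-udp-icmp --network $net \\
  --direction INGRESS --source-ranges $p81 --allow tcp,udp,icmp \\
  --target-tags $tag
EOF
)
```

Call p81_gcp_commands with NETWORK, REGION, PEER_IP and the other variables set to your values, review the output, then run it in a shell where P81_PSK is exported.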