VPN Customer Gateways
You can add, modify, or delete a VPN Customer Gateway in CloudPortal Business Manager for CloudPlatform version 3.0.5 and above. You can view the name, gateway, CIDR list, and other details under My Services > VPN Customer Gateway for the selected CloudPlatform version.
To add a VPN Customer Gateway
Perform the following steps:
- Log in to the CloudPortal Business Manager UI
- Go to My Services tab
- Click on the Manage Resources link for the required CloudPlatform
- Click on the VPN Customer Gateway tab
- Click Add New on the left pane
- Specify the following details (UI element, then its description):
  - Name: A unique name for the VPN customer gateway that you create.
  - Gateway: The IP address of the remote gateway.
  - CIDR list: The guest Classless Inter-Domain Routing (CIDR) list of the remote subnets. Enter a CIDR or a comma-separated list of CIDRs. Ensure that a guest CIDR does not overlap with the VPC's CIDR or with another guest CIDR. The CIDR must be RFC1918-compliant.
  - IPsec Preshared Key: Preshared keying is a method where the endpoints of the VPN share a secret key. This key value is used to authenticate the customer gateway and the VPC VPN gateway to each other.
  - Phase 1 Policy (IKE):
    - IKE Encryption: The Internet Key Exchange (IKE) policy for phase-1. The supported encryption algorithms are AES128, AES192, AES256, and 3DES. Authentication is accomplished through the preshared keys.
    - IKE Hash: The IKE hash for phase-1. The supported hash algorithms are SHA1 and MD5.
    - IKE Diffie-Hellman Group (DH): A public-key cryptography protocol that allows two parties to establish a shared secret over an insecure communications channel. The 1536-bit Diffie-Hellman group is used within IKE to establish session keys. The supported options are None, Group-5 (1536-bit), and Group-2 (1024-bit).
  - Phase 1 Lifetime (seconds): The phase-1 lifetime of the security association in seconds. Default is 86400 seconds (1 day). Whenever the time expires, a new phase-1 exchange is performed.
  - Phase 2 Policy (ESP):
    - ESP Encryption: The Encapsulating Security Payload (ESP) encryption algorithm for phase-2. The supported encryption algorithms are AES128, AES192, AES256, and 3DES.
    - ESP Hash: The Encapsulating Security Payload (ESP) hash for phase-2. The supported hash algorithms are SHA1 and MD5.
    - Perfect Forward Secrecy: Perfect Forward Secrecy (PFS) is the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the long-term private keys is compromised in the future. This property enforces a new Diffie-Hellman key exchange, which provides keying material that has a greater key material life and thereby greater resistance to cryptographic attacks. The available options are None, Group-5 (1536-bit), and Group-2 (1024-bit). The security of the key exchanges increases as the DH groups grow larger, as does the time of the exchanges.
  - Phase 2 Lifetime (seconds): The phase-2 lifetime of the security association in seconds. Default is 3600 seconds (1 hour). Whenever the value is exceeded, a re-key is initiated to provide new IPsec encryption and authentication session keys.
  - Dead Peer Detection: A method to detect an unavailable IKE peer. Select this option if you want the virtual router to query the liveness of its IKE peer at regular intervals. It is recommended to have the same DPD configuration on both sides of the VPN connection.
- Select the checkbox to accept the terms and conditions
- Click OK
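The CIDR list rules and the algorithm choices above can be checked before the form is submitted. The following is an added example, not part of CloudPortal Business Manager: the field names (`ike_encryption`, `pfs`, and so on) are hypothetical, and the set of options flagged for review is this example's own policy assumption, not a rule stated on this page.

```python
import ipaddress
from itertools import combinations

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Review policy assumed by this example (not from the page): the weakest of the
# offered options. Field names are hypothetical; option strings are the form's.
FLAGGED = {
    "ike_encryption": {"3DES"}, "esp_encryption": {"3DES"},
    "ike_hash": {"MD5"}, "esp_hash": {"MD5"},
    "ike_dh": {"None", "Group-2"}, "pfs": {"None", "Group-2"},
}


def check_cidr_list(cidr_list, vpc_cidr):
    """Return a list of problems found in a comma-separated guest CIDR list."""
    problems, nets = [], []
    vpc = ipaddress.ip_network(vpc_cidr)
    for item in (c.strip() for c in cidr_list.split(",")):
        try:
            # strict=True rejects entries with host bits set, e.g. 192.168.5.1/24
            net = ipaddress.ip_network(item, strict=True)
        except ValueError as exc:
            problems.append(f"{item!r}: not a valid CIDR ({exc})")
            continue
        if net.version != 4 or not any(net.subnet_of(r) for r in RFC1918):
            problems.append(f"{net}: not within an RFC 1918 range")
        if net.overlaps(vpc):
            problems.append(f"{net}: overlaps the VPC CIDR {vpc}")
        nets.append(net)
    # Guest CIDRs must not overlap one another either.
    for a, b in combinations(nets, 2):
        if a.overlaps(b):
            problems.append(f"{a} overlaps {b}")
    return problems


def check_policy(settings):
    """Return the (hypothetical) field names whose selected option is flagged."""
    return sorted(k for k, v in settings.items() if v in FLAGGED.get(k, ()))


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    sample = "10.1.0.0/16, 10.1.2.0/24, 8.8.8.0/24, 192.168.5.1/24"
    for problem in check_cidr_list(sample, "10.0.0.0/16"):
        print("CIDR:", problem)
    print("Review:", check_policy({"ike_encryption": "AES256", "ike_hash": "MD5",
                                   "ike_dh": "Group-5", "pfs": "None"}))
```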
To modify a VPN Customer Gateway
Perform the following steps:
- Log in to the CloudPortal Business Manager UI
- Go to My Services tab
- Click on the Manage Resources link for the required CloudPlatform
- Click on the VPN Customer Gateway tab
- From the left pane, select the specific VPN Customer Gateway that you want to edit
- Click on the edit icon on the right pane
- Edit the details as required
- Click OK
To delete a VPN Customer Gateway
Perform the following steps:
- Log in to the CloudPortal Business Manager UI
- Go to My Services tab
- Click on the Manage Resources link for the required CloudPlatform
- Click on the VPN Customer Gateway tab
- From the left pane, select the specific VPN Customer Gateway that you want to delete
- Click on the delete icon on the right pane
- Click OK
Searching VPN Customer Gateways
The VPN Customer Gateways tab lists all VPN Customer Gateways. As a master user, power user, or normal user, you can find one or more VPN Customer Gateways by using the search options. The search option is visible in the CPBM UI only if the CloudPlatform Connector version supports the search operation for VPN Customer Gateways.
- Log in to the CloudPortal Business Manager UI as a master user, power user, or normal user.
- Either click My Services and then click the desired CloudPlatform service instance tab or click Manage Resources and then click the desired CloudPlatform service instance link.
- Click the VPN Customer Gateways tab.
- In the Search box, specify the VPN Customer Gateway name and press Enter.