IPSec VPN (Site-to-Site VPN)

IPsec VPN provides encrypted site-to-site connectivity between an on-premises network and resources running in a SITE Cloud VPC.

Overview

Use IPsec VPN to connect corporate networks, data centers, branch offices, or other environments to cloud resources through encrypted tunnels.

Key Features

| Feature | Description |
| --- | --- |
| Secure site-to-site connectivity | Establish encrypted communication between on-premises networks and cloud resources. |
| Remote subnet management | Add, update, or remove remote network subnets reachable through the tunnel. |
| Tunnel status monitoring | View the operational status of VPN tunnels. |
| Automatic route and firewall rule creation | Automatically configure required routing and firewall settings during provisioning. |

How Site-to-Site VPN Works

An IPsec VPN establishes an encrypted tunnel between a remote VPN gateway and a VPN endpoint hosted in your VPC. Traffic destined for configured remote subnets is routed through the tunnel.

Creating a VPN Connection

  1. Open IPSec VPN from Cloud Portal navigation.
  2. Click Create IPSec VPN.
  3. Enter deployment information such as business group, name, description, and region.
  4. Enter VPN configuration.
  5. Review the automatically generated routes and firewall rules.
  6. Create the VPN.

Note

VPN configuration can be skipped during creation and completed later from the VPN details page.

Configuring Tunnel Settings

| Setting | Description |
| --- | --- |
| Remote Gateway | The source IP address or network allowed to establish the VPN tunnel. Supported values include a public IP address, CIDR subnet, or 0.0.0.0/0. |
| Remote Subnets | On-premises networks reachable through the VPN tunnel. Multiple remote subnets can be configured for one VPN. |
| Tunnel Status | Shows whether the VPN tunnel is operational. |
| Pre-Shared Key | The PSK used for initial authentication between the IPsec VPN and customer gateway. |

Warning

Use a specific remote gateway IP address whenever possible. A value of 0.0.0.0/0 allows any source address to attempt to establish the VPN tunnel.

Managing Remote Subnets

Remote subnets can be added or removed after the VPN is created.

To add a remote subnet:

  1. Open the VPN resource details page.
  2. Click Add Subnet.
  3. Enter the remote subnet CIDR.
  4. Optionally allow the system to create the required static route automatically.

When automatic route creation is enabled, the system creates a route with:

| Route field | Value |
| --- | --- |
| Destination | Remote subnet |
| Next Hop | VPN private IP address |
| Description | Auto-generated route for IPsec VPN connectivity |

Configuring Firewall Rules

IPsec VPN may require firewall rules so the remote gateway and VPN endpoint can communicate. During provisioning, Cloud Portal can automatically create the required firewall rules.

Automatically created firewall rules can be modified later using the Firewall Rules service.

Managing a VPN Connection

The following settings can be modified after creation:

- Name
- Description
- Business Group
- Remote Gateway
- Pre-Shared Key

Note

Changing the remote gateway may require corresponding firewall rule updates.

Best Practices

  • Use a specific remote gateway IP address whenever possible.
  • Configure only the remote subnets required by your workloads.
  • Review firewall rules associated with the VPN regularly.
  • Rotate pre-shared keys according to your organization's security policies.
  • Monitor tunnel status to verify that connectivity remains available.
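
The first two practices can be checked against a planned configuration before it is entered in Cloud Portal. The script below is an added example, not Cloud Portal code: the dictionary keys, the `audit_vpn` function, and the sample addresses are assumptions constructed for illustration. It flags a wide-open remote gateway, invalid or overlapping remote subnets, and lists the static routes that automatic route creation would add for the accepted subnets.

```python
import ipaddress

ROUTE_DESC = "Auto-generated route for IPsec VPN connectivity"  # text from the route table above

def audit_vpn(cfg):
    """Check a planned VPN config; return (findings, routes).

    cfg keys (hypothetical): remote_gateway, remote_subnets, vpn_private_ip.
    """
    findings, routes, seen = [], [], []
    try:
        gw = ipaddress.ip_network(cfg["remote_gateway"], strict=False)
        if gw.prefixlen == 0:
            findings.append("remote_gateway: any source address may attempt the tunnel")
        elif gw.num_addresses > 1:
            findings.append(f"remote_gateway: {gw} is a range; prefer a single IP")
    except ValueError as exc:
        findings.append(f"remote_gateway: invalid value ({exc})")
    for raw in cfg["remote_subnets"]:
        try:
            net = ipaddress.ip_network(raw)  # strict mode rejects host bits, e.g. 10.30.1.7/24
        except ValueError as exc:
            findings.append(f"remote_subnet {raw}: invalid CIDR ({exc})")
            continue
        if net.prefixlen == 0:
            findings.append(f"remote_subnet {net}: matches every destination")
            continue
        for other in seen:
            if net.version == other.version and net.overlaps(other):
                findings.append(f"remote_subnet {net}: overlaps {other}")
        seen.append(net)
        routes.append({"Destination": str(net),
                       "Next Hop": cfg["vpn_private_ip"],
                       "Description": ROUTE_DESC})
    return findings, routes

# Constructed sample inputs (documentation and private address ranges).
RISKY = {"remote_gateway": "0.0.0.0/0",
         "remote_subnets": ["10.20.0.0/16", "10.20.5.0/24", "10.30.1.7/24", "0.0.0.0/0"],
         "vpn_private_ip": "192.168.10.4"}
TIGHT = {"remote_gateway": "203.0.113.10",
         "remote_subnets": ["10.20.5.0/24", "10.30.1.0/24"],
         "vpn_private_ip": "192.168.10.4"}

if __name__ == "__main__":
    for name, cfg in (("RISKY", RISKY), ("TIGHT", TIGHT)):
        findings, routes = audit_vpn(cfg)
        print(name, "findings:", *findings, sep="\n  ")
        print(name, "routes:", *routes, sep="\n  ")
```

An overlap finding means one remote subnet is already covered by another, which is a prompt to check whether the broader entry is actually required by your workloads.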