Setting up IPsec VPN
IPsec VPN allows you to access servers located in the cloud from your local network. This type of VPN securely connects two networks: for example, a local office network and a virtual data center network.
Some of the settings must be made on your own network's router. The steps below cover the settings to make on the virtual gateway (the Edge gateway, referred to below as the VEG).
1) Go to Networking -> Edges. Click on VEG. Click CONFIGURE SERVICES.
2) In the window that appears, go to the VPN section. Select IPsec VPN Sites and click +.
3) In the window that appears, fill in:
Enabled - enable the service.
Name - the name of the IPsec VPN connection.
Local Id and Local Endpoint - specify the external IP address from the list of available external IP addresses for the organization.
Local Subnets - enter the list of subnets of the organization that you want to access from the remote network.
Peer Id and Peer Endpoint - specify the external IP address of the remote network router.
Peer Subnets - specify the list of remote subnets that you want to access from the virtual data center.
Encryption Algorithm - AES256 is recommended. This parameter must be the same on the VEG and on the remote network router.
Pre-Shared Key - enter the same key that is specified in the IPsec VPN connection settings on the LAN router.
Diffie-Hellman Group - we recommend using the latest group available. This parameter must be the same on the VEG and on the remote network router.
4) Click Keep and Save changes to save the settings.
5) Go to the Activation Status tab and enable the IPsec VPN Service Status option.
Click Save changes to save your settings.
The necessary NAT and Firewall rules will be created automatically.
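A tunnel that does not come up is most often caused by a parameter that differs between the two ends. The following pre-flight check is an added example, not part of the original instructions or of any vendor tooling: it compares the values entered on the VEG with those planned for the remote router. The dictionary keys, the DH group labels, the addresses and the key are constructed for illustration.

```python
import hmac
from ipaddress import ip_address, ip_network

def nets(values):
    return {ip_network(v) for v in values}

def check_tunnel(edge, router):
    """Compare two site definitions; return a list of mismatch descriptions."""
    problems = []
    # These must be identical on the VEG and on the remote router.
    for field in ("encryption", "dh_group"):
        if edge[field] != router[field]:
            problems.append(f"{field} differs: {edge[field]} vs {router[field]}")
    # Compare the key in constant time and never echo it in the report.
    if not hmac.compare_digest(edge["psk"].encode(), router["psk"].encode()):
        problems.append("psk differs")
    # Each side's Local values must be the other side's Peer values.
    pairs = ((edge, router), (router, edge))
    for kind in ("id", "endpoint"):
        for a, b in pairs:
            if ip_address(a[f"local_{kind}"]) != ip_address(b[f"peer_{kind}"]):
                problems.append(f"{a['name']} local_{kind} is not {b['name']} peer_{kind}")
    for a, b in pairs:
        if nets(a["local_subnets"]) != nets(b["peer_subnets"]):
            problems.append(f"{a['name']} local_subnets are not {b['name']} peer_subnets")
    # Overlapping local and peer ranges make the tunnel's traffic selectors ambiguous.
    for loc in nets(edge["local_subnets"]):
        for peer in nets(edge["peer_subnets"]):
            if loc.version == peer.version and loc.overlaps(peer):
                problems.append(f"overlap: {loc} and {peer}")
    return problems

# Constructed sample values (documentation address ranges, placeholder key).
EDGE = dict(name="veg", local_id="203.0.113.10", local_endpoint="203.0.113.10",
            peer_id="198.51.100.20", peer_endpoint="198.51.100.20",
            local_subnets=["10.0.0.0/24"], peer_subnets=["192.168.1.0/24"],
            encryption="AES256", dh_group="DH14", psk="constructed-sample-key")
ROUTER = dict(name="router", local_id="198.51.100.20", local_endpoint="198.51.100.20",
              peer_id="203.0.113.10", peer_endpoint="203.0.113.10",
              local_subnets=["192.168.1.0/24"], peer_subnets=["10.0.0.0/24"],
              encryption="AES256", dh_group="DH5", psk="constructed-sample-key")

if __name__ == "__main__":
    for line in check_tunnel(EDGE, ROUTER) or ["no mismatches"]:
        print(line)
```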