Configuring Site-to-Site (IPsec VPN Sites) VPN

Updated by Anthony Hakim on Jul 9, 2021
Article Code: kb/1267

Description

This KB article steps through the process to stand up a Site-to-Site VPN between Lumen Private Cloud on VMware Cloud Foundation™ (LPC on VCF) and Lumen Cloud (CLC).

Prerequisites

  • LPC on VCF account.
  • CLC account.
  • Local Endpoint (Public IP for IPsec VPN on the LPC on VCF side).
  • Local Subnets in CIDR format (local networks to be accessible to IPsec VPN on the LPC on VCF side).
  • Peer Endpoint (Public IP for IPsec VPN on the CLC side).
  • Peer subnets in CIDR format (local networks to be accessible to IPsec VPN on the CLC side).
  • Firewall rules for IP Protocol ID 50 (ESP), UDP Port 500 (IKE), and UDP Port 4500 are configured on both ends.

Steps

Log in to your Lumen Private Cloud on VMware Cloud Foundation environment.

Once logged in, click the Virtual Data Center summary box.

  • Click Edges in the menu on the left side of the screen.

  • Select your Edge Gateway.

  • Click IPSec VPN.

  • Click NEW.

On the Add IPSec VPN Tunnel popup, add your new configuration.

  • Name: (Preferred name)
  • Description: (Preferred description)
  • Enabled: (Checked)
  • Pre-Shared Key: (Your Pre-Shared Key)
  • Security Profile: (Default)

For Local Endpoint:

  • IP Address: (Available IP Address)
  • Networks: (Available Networks)

For Remote Endpoint:

  • IP Address: (Available IP Address)
  • Networks: (Available Networks)
  • Logging: (Default)

Click SAVE.

In the IPsec VPN Configuration page, click Save changes.

On the IPsec VPN Configuration page, click the Activation Status tab, and then click the slider to enable the IPsec VPN Service Status. Click Save changes.

Log in to your Lumen Cloud environment.

In the left pane, click Network, and then select Site-To-Site VPN.

In the Site-to-Site VPN page, click the + SITE TO SITE VPN button.

In the Create Site-to-Site VPN page, select your Control Portal Site (CLC data center), and then click on the ADD NETWORK BLOCK button.

In the Select Destination Network or Subnet page, select your network, subnet size, and starting IP address, and then click ADD NETWORK BLOCK.

In the Create Site-to-Site VPN page, in the Your Site section, enter your Site Name, Device Type, and VPN Peer IPv4 Address, and then click the ADD NETWORK BLOCK button.

Upon clicking the ADD NETWORK BLOCK button above, a new field appears named Tunnel Encrypted Subnets. Enter your local network subnet block (on the LPC on VCF side). Click next: phase 1.

In the Phase 1 (IKE) page, type or select the following:

  • IKE Protocol: IKEv1
  • Protocol Mode: Main
  • Encryption Algorithm: AES-256
  • Hashing Algorithm: SHA1 (96)
  • Pre-Shared Key: Same pre-shared key you used previously
  • Diffie-Hellman Group: Group 2
  • Lifetime Value: 8 hours
  • DPD State: On
  • NAT-T State: Default

Click next: phase 2.

In the Phase 2 (IPSEC) page, type or select the following:

  • IPSEC Protocol: ESP
  • Encryption Algorithm: AES-256
  • Hashing Algorithm: SHA1 (96)
  • PFS Enabled: On, Group 2
  • Lifetime Value: 1 hour

Click finish.

Once completed, you will be presented with the summary page.

To test the Site-to-Site VPN, try pinging the gateway of a tunneled subnet on the other side; for example, ping from a VM in CLC on the 10.100.67.0/24 network to the gateway on the LPC on VCF side, 10.23.30.1.
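
A preflight check for the subnet entries made on both sides of this procedure, as an added example that is not part of the original article or of Lumen's tooling: it verifies that every entry is in strict CIDR form, that the LPC on VCF and CLC entries mirror each other, that local and remote ranges do not overlap, and that the ping target lies inside a tunneled subnet. The function names, the dictionary layout, and the /24 mask on the LPC on VCF network are assumptions.

```python
import ipaddress

def parse_cidrs(cidrs):
    # strict=True rejects entries with host bits set, such as 10.23.30.1/24
    return {ipaddress.ip_network(c, strict=True) for c in cidrs}

def check_tunnel_plan(lpc, clc):
    """Each argument is {'local': [...], 'remote': [...]} as entered on that side.
    Returns a list of problems; an empty list means the subnet entries agree."""
    nets, problems = {}, []
    for side, cfg in (("LPC", lpc), ("CLC", clc)):
        for role in ("local", "remote"):
            try:
                nets[side, role] = parse_cidrs(cfg[role])
            except ValueError as exc:
                problems.append(f"{side} {role}: {exc}")
    if problems:
        return problems
    # Each side's local subnets must be exactly the other side's remote subnets.
    for a, b in ((("LPC", "local"), ("CLC", "remote")),
                 (("LPC", "remote"), ("CLC", "local"))):
        if nets[a] != nets[b]:
            diff = sorted(str(n) for n in nets[a] ^ nets[b])
            problems.append(f"{a[0]} {a[1]} != {b[0]} {b[1]}: {', '.join(diff)}")
    # Overlapping local and remote ranges make routing through the tunnel ambiguous.
    for loc in nets["LPC", "local"]:
        for rem in nets["LPC", "remote"]:
            if loc.overlaps(rem):
                problems.append(f"overlap: {loc} and {rem}")
    return problems

def ping_target_in_tunnel(target, remote_cidrs):
    """True if the address used in the ping test is inside a tunneled remote subnet."""
    addr = ipaddress.ip_address(target)
    return any(addr in net for net in parse_cidrs(remote_cidrs))

# Constructed sample: 10.100.67.0/24 and 10.23.30.1 come from the test step;
# the /24 mask on the LPC on VCF network is an assumption.
LPC = {"local": ["10.23.30.0/24"], "remote": ["10.100.67.0/24"]}
CLC = {"local": ["10.100.67.0/24"], "remote": ["10.23.30.0/24"]}

if __name__ == "__main__":
    print(check_tunnel_plan(LPC, CLC) or "subnet entries consistent")
    print(ping_target_in_tunnel("10.23.30.1", CLC["remote"]))
```

In this sketch, "local" on the CLC side is the network block added in the Control Portal and "remote" is the Tunnel Encrypted Subnets field.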
