This article provides a general guide for establishing functional IPSec VPN connections to endpoints outside of mCloud. Please note that specific endpoints, such as routers or other cloud providers, may have additional requirements or unique configurations not covered in this guide.
Prerequisites:
This article assumes the following is already configured and functional within your mCloud Dashboard:
mCloud project
mCloud internal subnet
mCloud router
Remote endpoint capable of IPSec tunnels
Method:
Log into mCloud at https://mcloud.micron21.com/
Go to Project > Network > VPN
Click on "+Add IKE Policy"
Fill out the desired settings and click Add
This policy can roughly be described as "Phase 1" on other network devices. Keep this in mind when setting up IPSec connections: any mismatch in these settings between endpoints will cause errors.
Click on the "IPsec Policies" tab and click "+Add IPsec Policy".
Fill out the desired settings and click Add
This policy is roughly equivalent to "Phase 2" on other network devices.
Click on the "VPN Services" tab
Click on "+Add VPN Service"
Enter a name and select a router. Don't select a subnet at this time, then click Add.
Click on the "Endpoint Groups" tab. We'll need to add two endpoint groups here: one for the internal network and one for the remote network.
Click "+Add Endpoint Group" and add a local subnet for our internal network
Click "+Add Endpoint Group" and add an external subnet for our remote network
Click on the "IPsec Site Connections" tab and click "+Add IPsec Site Connection".
Enter the required details from the configuration completed so far, the remote peer details, and a pre-shared key.
Configure the remote site VPN, matching the settings added above, and confirm both sides are connected. From here you can test traversing the firewall between sites.
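Because any mismatch between the two endpoints will cause errors, it helps to compare both sides' settings before bringing the tunnel up. The following is an added example, not part of the original guide or of mCloud: it compares the IKE policy (Phase 1), the IPsec policy (Phase 2) and the endpoint groups of two sites. The field names, the alias table and all sample values are constructed for illustration.

```python
import ipaddress

# Constructed alias table: spellings different devices use for the same DH group.
DH_ALIASES = {"group2": "2", "modp1024": "2", "group5": "5", "modp1536": "5",
              "group14": "14", "modp2048": "14"}

def norm(value):
    """Normalise spellings so 'AES-256' and 'aes256' compare equal."""
    v = str(value).lower().replace("-", "").replace("_", "").replace(" ", "")
    return DH_ALIASES.get(v, v)

def compare_policy(phase, ours, theirs):
    """Return one message per setting that differs between the two endpoints."""
    problems = []
    for key in sorted(set(ours) | set(theirs)):
        a, b = ours.get(key), theirs.get(key)
        if a is None or b is None:
            problems.append(f"{phase}: {key} is set on one side only")
        elif norm(a) != norm(b):
            problems.append(f"{phase}: {key} differs ({a} vs {b})")
    return problems

def compare_subnets(ours, theirs):
    """Our local endpoint group must equal their remote group, and the reverse."""
    nets = lambda cidrs: {ipaddress.ip_network(c) for c in cidrs}
    problems = []
    if nets(ours["local"]) != nets(theirs["remote"]):
        problems.append("subnets: our local group is not their remote group")
    if nets(ours["remote"]) != nets(theirs["local"]):
        problems.append("subnets: our remote group is not their local group")
    for loc in sorted(nets(ours["local"])):
        for rem in sorted(nets(ours["remote"])):
            if loc.overlaps(rem):  # overlapping ranges cannot be routed over the tunnel
                problems.append(f"subnets: {loc} overlaps {rem}")
    return problems

def preflight(ours, theirs):
    """Run all checks; an empty list means the two sides agree."""
    return (compare_policy("IKE (Phase 1)", ours["ike"], theirs["ike"])
            + compare_policy("IPsec (Phase 2)", ours["ipsec"], theirs["ipsec"])
            + compare_subnets(ours, theirs))

# Constructed sample settings for the mCloud side and the remote endpoint.
MCLOUD = {"ike": {"version": "v2", "encryption": "aes-256", "auth": "sha256", "dh_group": "group14", "lifetime": 28800},
          "ipsec": {"encryption": "aes-256", "auth": "sha256", "pfs": "group14", "lifetime": 3600},
          "local": ["10.0.1.0/24"], "remote": ["192.168.50.0/24"]}
REMOTE = {"ike": {"version": "v2", "encryption": "AES256", "auth": "SHA-256", "dh_group": "modp2048", "lifetime": 28800},
          "ipsec": {"encryption": "AES256", "auth": "SHA-256", "pfs": "group5", "lifetime": 3600},
          "local": ["192.168.50.0/24"], "remote": ["10.0.0.0/24"]}  # pfs and remote subnet are wrong on purpose
```

Calling preflight(MCLOUD, REMOTE) on the sample data reports the Phase 2 PFS group and the mistyped remote subnet, while the differently spelled but equivalent Phase 1 values pass.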