How to configure IPSec VPN connections to endpoints outside mCloud

This article provides a general guide for establishing functional IPSec VPN connections to endpoints outside of mCloud. Please note that specific endpoints, such as routers or other cloud providers, may have additional requirements or unique configurations not covered in this guide.

Prerequisites:

This article assumes the following is already configured and functional within your mCloud Dashboard:

  • mCloud project

  • mCloud internal subnet

  • mCloud router

  • Remote endpoint capable of IPSec tunnels

Method:

  1. Log into mCloud at https://mcloud.micron21.com/

  2. Go to Project > Network > VPN

  3. Click on "+Add IKE Policy"

  4. Fill out the desired settings and click Add

    1. This policy can roughly be described as "Phase 1" on other network devices. Keep this in mind when setting up IPSec connections: any mismatch in these settings between endpoints will cause errors.

  5. Click on the "IPsec Policies" tab and click "+Add IPsec Policy".

  6. Fill out the desired settings and click Add

    1. This policy is roughly equivalent to "Phase 2" on other network devices.

  7. Click on the "VPN Services" tab

  8. Click on "+Add VPN Service"

  9. Enter a name and select a router. Don't select a subnet at this time. Then click Add.

  10. Click on the "Endpoint Groups" tab. We’ll need to add two endpoint groups here, one for the internal network and one for the remote network.

    1. Click "+Add Endpoint Group" and add a local subnet for our internal network

    2. Click "+Add Endpoint Group" and add an external subnet for our remote network

  11. Click on the "IPsec Site Connections" tab and click "+Add IPsec Site Connection".

  12. Enter the required details for the configuration we have done to this point, the remote peer details, and a pre-shared key.

  13. Configure the remote site VPN, matching the settings added above, and confirm both sides are connected. From here you can test traversing the firewall between sites.
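
Because any mismatch between the two endpoints causes errors, it helps to diff both sides' settings before bringing the tunnel up. The following is an added example, not part of the original article or of mCloud itself; the field names, addresses and key are constructed placeholders.

```python
import copy
import hmac
import ipaddress

# Field names below are illustrative, not mCloud's own form labels.
PHASE1 = ("ike_version", "encryption", "auth", "dh_group")         # IKE policy
PHASE2 = ("protocol", "encryption", "auth", "pfs_group", "encap")  # IPsec policy

def _nets(cidrs):
    # Parse CIDRs so "10.0.1.0/24" and "10.0.1.0/255.255.255.0" compare equal.
    return {ipaddress.ip_network(c) for c in cidrs}

def compare_peers(a, b):
    """Return the list of settings that differ between two tunnel endpoints."""
    problems = []
    for phase, fields in (("phase1", PHASE1), ("phase2", PHASE2)):
        for f in fields:
            if a[phase][f] != b[phase][f]:
                problems.append(f"{phase}.{f}: {a[phase][f]} != {b[phase][f]}")
    # Endpoint groups must mirror each other: one side's local is the other's remote.
    if _nets(a["local_subnets"]) != _nets(b["remote_subnets"]):
        problems.append("subnets: a.local != b.remote")
    if _nets(a["remote_subnets"]) != _nets(b["local_subnets"]):
        problems.append("subnets: a.remote != b.local")
    # Each side's peer address must be the other side's public address.
    if a["peer_address"] != b["public_address"] or b["peer_address"] != a["public_address"]:
        problems.append("peer_address: does not point at the other side")
    # Compare the pre-shared key without ever echoing it into the report.
    if not hmac.compare_digest(a["psk"].encode(), b["psk"].encode()):
        problems.append("psk: values differ")
    return problems

# Constructed sample values (documentation address ranges, placeholder key).
MCLOUD = {
    "phase1": {"ike_version": "v2", "encryption": "aes-256", "auth": "sha256", "dh_group": "group14"},
    "phase2": {"protocol": "esp", "encryption": "aes-256", "auth": "sha256",
               "pfs_group": "group14", "encap": "tunnel"},
    "public_address": "203.0.113.10", "peer_address": "198.51.100.20",
    "local_subnets": ["10.0.1.0/24"], "remote_subnets": ["192.168.50.0/24"],
    "psk": "EXAMPLE-PLACEHOLDER-KEY",
}
REMOTE = copy.deepcopy(MCLOUD)
REMOTE.update(public_address="198.51.100.20", peer_address="203.0.113.10",
              local_subnets=["192.168.50.0/255.255.255.0"], remote_subnets=["10.0.1.0/24"])

if __name__ == "__main__":
    for line in compare_peers(MCLOUD, REMOTE) or ["no mismatches"]:
        print(line)
```

Fill in the two dictionaries from the values entered in the mCloud dashboard and on the remote device; an empty result means the Phase 1, Phase 2, subnet, peer and key settings agree.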


