<<<<<<< HEAD:Content/Topics-IPSec-Tunnel-Integration-Del-03/Cloud-base/More-Cloud-Options/IBM-Cloud.htm

IBM Cloud Single Tunnel

=======

IBM Cloud

>>>>>>> db224f4bae568d6f9f7c3659d1ae288df8757505:Content/Topics-SASE-IPsec-VPN/Cloud-based/More-Cloud-Options/IBM-Cloud.htm

Step 1 - Configuring a VPN Gateway at the IBM Cloud Console

  1. Access the IBM Cloud Console and open the VPC section and go to Network > VPNs.

  2. Go to the IKE policies tab and click New IKE policy.

  3. The New IKE policy window appears.

  4. Enter these:

    1. Name - Name of the policy.

    2. Resource group

    3. Region - Region in which the VPC is located.

  5. Click Create IKE policy.

    The system creates the IKE policy.

  6. Click and then Edit.

  7. Enter these:

    1. IKE Version - 1

    2. DH Group - 2

    3. Authentication - sha256

    4. Key Lifetime - 28800

    5. Encryption - aes256

  8. Click Save IKE policy.

  9. Go to the IPSec Policies tab and click New IPSec Policy.

    The New IPSec policy window appears.

  10. Enter these:

    1. Name - Name of the policy.

    2. Resource group

    3. Region - Region in which the VPC is located.

  11. Click Create IPSec policy.

    The system creates the IPSec policy.

  12. Click and then Edit.

  13. Enter these:

    1. Authentication - sha256

    2. Encryption - aes256

    3. PFS - Select the checkbox.

    4. DH Group - 2

    5. Key Lifetime - 3600

  14. Click Save IPSec policy.

  15. Go to the VPN gateways tab and click New VPN gateway.

    The New VPN gateway for VPC window appears.

  16. Enter these:

    1. Name - Name of the VPN gateway.

    2. Virtual private cloud - Select the required cloud.

    3. Resource group - Select the resource group.

    4. Subnet - Select the required subnet.

  17. Select New VPN Connection for VPC.

    The New VPN connection for VPC window appears.

  18. Enter these:

    1. Connection name - Name of the VPN connection.

    2. Peer gateway address - IP address of your gateway.

    3. Preshared key - A string with at least 8 characters that contains upper-case letters and numbers.

    4. Local subnets - Specify one or more subnets in the VPC you want to connect.

    5. Peer subnets - 10.255.0.0/16 (Unless you have custom configurations or multiple tunnels to the same gateway).

    6. Dead peer detection action - Restart

    7. Interval - 10 seconds

    8. Timeout - 30 seconds

    9. IKE policy - Select the IKE policy created earlier.

    10. IPSec policy - Select the IPSec policy created earlier.

Step 2 - Creating the Tunnel in the

  1. In the General Settings section, enter these:

    1. Name - Name of the tunnel.

    2. Public IP - IP address of the VPN Gateway defined in the IBM Cloud console.

    3. Remote ID - Identical to Remote IP.

    4. Shared Secret - Preshared key in the IBM Cloud console.

    5. Perimeter 81 Gateway Proposal Subnets - 10.255.0.0/16 or the value defined in the IBM Cloud console.

    6. Remote Gateway Proposal Subnets - Subnets in the VPC that you want to connect.

  2. In the Advanced Settings section, enter the information for your tunnel type:

  3. Click Add Tunnel.

Verifying the Setup in IBM Cloud Console

  1. Access the IBM Cloud console and go to the VPN gateways tab.

  2. Select the name of the VPN Gateway associated with the tunnel.

  3. Scroll down and click View all connections.

    Verify whether the tunnel Status as active.