Setting up network connectivity between cloud and remote resources with IPsec gateways
Written by
Updated at December 4, 2024
Network connectivity between your corporate data center and cloud resources must be properly protected. To enable such protection, you can use secure connections.
One of the technologies used for that is an internet connection based on IPsec gateways over the IPsec protocol. IPsec
Cloud site:
- The
cloud-net
network withsubnet-a
(172.16.1.0/24
),subnet-b
(172.16.2.0/24
), andipsec-subnet
(172.16.0.0/24
). - The
cloud-gw
main IPsec gateway in VM format based on the open-source strongSwan product. The IPsec gateway is connected to theipsec-subnet
. The main goal of the gateway is to set up an IPsec connection to a remote gateway and provide network connectivity between test VMs. - The
cloud-net-sg
security group is applied on the VM network interface of the main gateway and allows IPsec traffic between the gateways. - A route table named
cloud-net-rt
with static routes ensures traffic towardssubnet-1
of the remote site via the main IPsec gateway. - The
vm-a
andvm-b
test VMs based on Ubuntu Linux are connected tosubnet-a
andsubnet-b
, respectively. These VMs are used to check IP connectivity via an IPsec connection.
Remote site:
- The
remote-net
network withsubnet-1
(10.10.0.0/16
). - The
remote-gw
remote IPsec gateway in VM format based on the open-source strongSwan product. The IPsec gateway is connected tosubnet-1
. The main goal of the gateway is to set up an IPsec connection to the main gateway and provide network connectivity between test VMs. - The
remote-net-sg
security group is applied on the VM network interface of the remote gateway and allows IPsec traffic between the gateways. - A route table named
remote-net-rt
with static routes ensures traffic towardssubnet-a
andsubnet-b
of the cloud site via the remote IPsec gateway. - The
vm-1
test VM based on Ubuntu Linux is connected tosubnet-1
. This VM is used to check IP connectivity via an IPsec connection.
The IPsec connection is established between the public IPs of the main (x1.x1.x1.x1
) and remote (x2.x2.x2.x2
) gateways.
To set up network connectivity with IPsec gateways, use one of the following methods: