Configuring the Multi-site IPsec VPN settings

The availability of this feature depends on the service quotas that are enabled for your account.

After you configure a Multi-site IPsec VPN, you must configure the cloud site and the local sites settings on the Disaster Recovery > Connectivity tab.

Prerequisites

  • A configured Multi-site IPsec VPN connectivity. For more information about configuring the Multi-site IPsec VPN connectivity, see Configuring Multi-site IPsec VPN.

  • Public IP address of each the local IPsec VPN gateway.

  • Plan your cloud network to have enough IP addresses for the cloud servers that are copies of your protected machines (in the production network), and for the recovery servers (with one or two IP addresses, depending on your needs).

  • If you use firewall between the local sites and the cloud site, you must allow the following IP protocols and UDP ports on the local sites: IP Protocol ID 50 (ESP), UDP Port 500 (IKE), and UDP Port 4500.

To configure a Multi-site IPsec VPN connection

  1. Add one or more networks to the cloud site.

    1. Click Add Network.

      When you add a cloud network, a corresponding test network is added automatically with the same network address and mask for performing test failovers. The cloud servers in the test network have the same IP addresses as the ones in the cloud production network. If you need to access a cloud server from the production network during a test failover, when you create a recovery server, assign it a second test IP address.

    2. In the Network address field, type the IP address of the network.

    3. In the Network mask field, type the mask of the network.

    4. Click Add.

  2. Configure the settings for each local site that you want to connect to the cloud site, following the recommendations for the local sites. For more information about these recommendations, see General recommendations for local sites.

    1. Click Add Connection.

    2. Enter a name for the of the local VPN gateway.

    3. Enter the public IP address of the local VPN gateway.

    4. Enter a description of the local VPN gateway.

    5. Click Next.

    6. In the Pre-shared key field, type the pre-shared key, or click Generate a new pre-shared key to use an automatically generated value.

      You must use the same pre-shared key for the local and the cloud VPN gateways.

    7. Click IPsec/IKE security settings to configure the settings. For more information about the settings that you can configure, see IPsec/IKE security settings.

      You can use the default settings, which are populated automatically, or use custom values. Only IKEv2 protocol connections are supported. The default Startup action when establishing the VPN is Add (your local VPN gateway initiates the connection), but you can change it to Start (the cloud VPN gateway initiates the connection) or Route (suitable for firewalls that support the route options).

    8. Configure the Network policies.

      The network policies specify the networks to which the IPsec VPN connects. Type the IP address and mask of the network using the CIDR format. The local and cloud network segments should not overlap.

    9. Click Save.