Route-Based Static VPN Connection

Note: Pureport recommends using Route-Based VPN with BGP for your site connection, when supported by your device. This makes future network growth and changes easier, as Pureport manages the BGP peering. See "Connecting to a Site VPN - Route-Based with BGP" for details.



Before establishing a VPN connection to Pureport, first ensure that your gateway device supports IPsec VPN connectivity, then gather the following information:

  • Speed of your Internet connection
  • Primary public IP of your VPN gateway
  • Secondary public IP of your VPN gateway (only applicable if you have two Internet connections and wish to support fail-over and load sharing between them)
  • IP Networks of your customer site (for static routes and, optionally, for Cloud Grade NAT configuration)
  • Supported IPsec settings of your VPN gateway (IKE version, encryption, integrity, and Diffie-Hellman Group for Phase 1 and Phase 2 VPN negotiation)
    • The knowledge base contains recommended configuration settings for many common platforms

Building the VPN Connection

Use this procedure to create a Route-Based VPN site connection with Pureport.

  1. Log into the Pureport Console.

  2. In the left navigation bar, select the Networks tab.

  3. The Networks page lists the existing networks. Select your network.
  4. On your network page, select Add Connection.

  5. In the New Connection window, for Type, select Site IPSec VPN from the drop-down menu.

  6. Select the Pureport Location you would like this connection to be created from the drop-down. You should select the site geographically closest to your physical location.

  7. Select the Speed of the connection from the drop-down, then click Next. Do not exceed the maximum speed of your Internet connection.

  8. Enter the Primary IP Address and Secondary IP Address of your site routers. You will only need different customer router IP addresses if your site has multiple Internet connections with separate IP addresses. If your site has a single address, enter it in both the Primary and Secondary fields.

    In the Routing Type field, select Route Based Static and click Next.

  9. On the Customer Networks page, enter the network IP address and name for each network behind your firewall that should have access to this connection, then click Next. These network entries are required for route-based VPNs using static routing and provide the static routes to the Pureport network.

    • Use the Add Customer Networks button to add additional networks.
    • Use the Delete button to remove a customer network.

  10. On the NAT Configuration page, you may also enable and configure Cloud Grade NAT if desired, as detailed in the Cloud Grade NAT knowledge-base article. Then click Next.

  11. On the IKE Configuration page, select the IKE/ESP Encryption settings that meet your security requirements and are supported by your site's physical device. Then click Next.

  12. Enter a meaningful Name and Description, then click Add Connection.
    The Console generates a default name, but you can enter a name that conforms to your organization's naming standards.
    Review your selections and choose Add Connection to create your Policy Based Site VPN Connection.

  13. After saving the Connection, the system displays the following information:
    • Site IPsec VPN settings
    • Traffic Selectors
    • Primary Gateway
    • Secondary Gateway

Be sure to record this information; you will need it later.
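
A pre-flight check for the values this procedure asks you to gather and enter in steps 7 to 9, given here as an added example (it is not Pureport code and calls no Pureport API). The function name, its parameters, the Mbps unit, the IPv4-only list of non-public ranges, and the overlap check are assumptions of this sketch; the sample values are constructed.

```python
import ipaddress

# Ranges that cannot be a public gateway address (IPv4 only; an assumption of this sketch).
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918 private
    "100.64.0.0/10", "169.254.0.0/16", "127.0.0.0/8")]  # CGNAT, link-local, loopback

def preflight(primary, secondary, networks, link_mbps, requested_mbps):
    """Check gathered values; return (fields, problems). All names are hypothetical."""
    problems = []
    # Step 8: a site with a single address enters it in both fields.
    secondary = secondary or primary
    for label, ip in (("primary", primary), ("secondary", secondary)):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            problems.append(f"{label} gateway {ip!r} is not an IP address")
            continue
        if any(addr in net for net in NON_PUBLIC):
            problems.append(f"{label} gateway {ip} is not a public address")
    # Step 7: do not exceed the maximum speed of the Internet connection.
    if requested_mbps > link_mbps:
        problems.append(f"speed {requested_mbps} exceeds link speed {link_mbps}")
    # Step 9: every customer network becomes a static route, so it must be a
    # true network address (no host bits set).
    parsed = {}
    for name, cidr in networks.items():
        try:
            parsed[name] = ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            problems.append(f"network {name}: {cidr!r} is not a network address")
    # Added check (not stated on the page): flag overlapping static routes.
    names = sorted(parsed)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if parsed[a].version == parsed[b].version and parsed[a].overlaps(parsed[b]):
                problems.append(f"networks {a} and {b} overlap")
    fields = {"primary": primary, "secondary": secondary, "speed": requested_mbps,
              "networks": {n: str(parsed[n]) for n in names}}
    return fields, problems

# Constructed sample values (documentation and private ranges, not a real site).
SAMPLE = preflight("198.51.100.10", None,
                   {"office": "10.20.0.0/16", "lab": "10.20.30.0/24",
                    "branch": "192.168.5.1/24"}, link_mbps=500, requested_mbps=1000)

if __name__ == "__main__":
    for problem in SAMPLE[1]:
        print("FIX:", problem)
```
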


The Pureport Support Knowledge Base has guidance on configuring the most common VPN appliances to connect to your Site VPN Connection.