Route-Based Static VPN Connection
Note: Pureport recommends using Route-Based VPN with BGP for your site connection, when supported by your device. This makes future network growth and changes easier, as Pureport manages the BGP peering. See "Connecting to a Site VPN - Route-Based with BGP" for details.
Before establishing a VPN connection to Pureport, you must first ensure your gateway device support IPSEC VPN connectivity, and then you must gather the following information:
- Speed of your Internet connection
- Primary public IP of your VPN gateway
- Secondary public IP of your VPN gatway (only applicable if you have two Internet connections and wish to support fail-over and load sharing between them)
- IP Networks of your customer site (for static routes and, optionally, for Cloud Grade NAT configuration)
- Supported IPSEC settings of your VPN gateway (IKE version, encryption, integrity, and Diffe Hellman Group for Phase 1 and Phase 2 VPN negotiation)
- The knowledge base contains recommended configuration settings for many common platforms
Building the VPN Connection
Use this procedure to create a Route-Based VPN site connection with Pureport.
- Log into the Pureport Console.
- In the left navigation bar, select the Networks tab.
- The Networks page list the existing networks. Select your network
- On your network page, select Add Connection.
- In the New Connection window, for Type, select Site IPSec VPN, then select Next.
Select the Pureport Location you would like this connection to be created, and click Next. You should select the site geographically closest to your physical location.
Select the Speed of the connection, then click Next. Do not exceed the maximum speed of your Internet connection.
- Enter the Primary IP Address and Secondary IP Address of your site routers. You will only need different customer router IP addresses if your site has multiple Internet connections with separate IP addresses. If your site has a single address, enter it in both the Primary and Secondary fields.
In the Routing Type field, select Route Based Static and click Next.
On the Customer Networks page, enter the network IP address and name for each networks behind your firewall to have access to this connection, then click Next. These network entries are required for route-based VPNs using static routing and provide the static routes to to the Pureport network.
- Use the Add Customer Networks button to add additional networks.
- Use the Delete button to remove a customer network
- On the NAT Configuration page, you may also enable and configure Cloud Grade NAT if desired, as detailed in the Cloud Grade NAT knowledge-base article. Then click Next.
On the IKE Configuration page, select the IKE/ESP Encryption settings that meet your security requirements and are supported by your site's physical device. Then click Next.
Enter a meaningful Name and Description, then click Add Connection.
The Console generates a default name, but you can enter a name that conforms to your organization's naming standards.
Review your selections and choose Add Connection to create your Policy Based Site VPN Connection.
- After saving the Connection, the system displays the following information:
- Site IPsec VPN settings
- Traffic Selectors
- Primary Gateway
- Secondary Gateway
Be sure to record this information, you will need this information later.
The Pureport Support Knowledge Base has guidance on configuring the most common VPN appliances to connect to your Site VPN Connection.