Setting up the Google Cloud end
From Hybrid connectivity, select VPN, then click Create VPN connection.
Select Classic VPN.
Give the VPN a name, select the Network and Region for the gateway.
Select an External IP for the gateway or create a new one.
Enter the IP of the Cisco router, enter the pre-shared key, or generate a key.
Select Route-based and enter the local subnets.
Click Done to finish creating the VPN gateway.
Configuring the Cisco Router
ESP and UDP port 500 need to be open on the firewall.
Configure the IKEv2 tunnel.
Create an IKEv2 keyring and add the pre-shared key.
crypto ikev2 keyring GCP
peer GCP
address 34.91.104.31
pre-shared-key FSyf6mxuxafo0Vd5D0n4a9TC53aD6PuA
Create an IKEv2 proposal and set the encryption algorithm, integrity algorithm, and DH group.
crypto ikev2 proposal GCP
encryption aes-cbc-256
integrity sha256
group 14
Create an IKEv2 Policy and add the proposal.
crypto ikev2 policy GCP
proposal GCP
Create an IKEv2 Profile.
crypto ikev2 profile GCP
match identity remote address 34.91.104.31 255.255.255.255
authentication remote pre-share
authentication local pre-share
keyring local GCP
Configure IPsec
Create an IPsec transform-set.
crypto ipsec transform-set GCP esp-aes 256 esp-sha256-hmac
mode tunnel
Create an IPsec profile.
crypto ipsec profile GCP
set transform-set GCP
set pfs group14
set ikev2-profile GCP
Configure a virtual tunnel interface.
The tunnel requires an IP address to be assigned; this is not used by Google Cloud, so any unused IP address can be used.
interface Tunnel1
description VPN_TO_GCP
! Any unused IP address can be used here
ip address 172.31.255.250 255.255.255.255
ip mtu 1440
ip tcp adjust-mss 1380
tunnel mode ipsec ipv4
tunnel protection ipsec profile GCP
tunnel destination 34.91.104.31
! Replace x.x.x.x with the router's public IP
tunnel source x.x.x.x
Add static routes
Add static routes for Google Cloud subnets.
ip route 10.164.0.0 255.255.240.0 Tunnel1
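The Google Cloud gateway address is typed in three places in the router configuration above (keyring, IKEv2 profile, tunnel destination), and the objects refer to each other by name. The following check is an added example, not part of the original page: the audit() function, its messages and the sample configuration are constructed here, and the sample uses the documentation address 203.0.113.10 in place of the real peer.

```python
import re

# Constructed sample: the page's object layout with a documentation-range peer address.
SAMPLE = """\
crypto ikev2 keyring GCP
 peer GCP
  address 203.0.113.10
crypto ikev2 proposal GCP
crypto ikev2 policy GCP
 proposal GCP
crypto ikev2 profile GCP
 match identity remote address 203.0.113.10 255.255.255.255
 keyring local GCP
crypto ipsec transform-set GCP esp-aes 256 esp-sha256-hmac
crypto ipsec profile GCP
 set transform-set GCP
 set ikev2-profile GCP
interface Tunnel1
 tunnel protection ipsec profile GCP
 tunnel destination 203.0.113.10
"""

# (label, pattern of the reference, pattern of the definition)
REFS = [
    ("keyring", r"keyring local (\S+)", r"crypto ikev2 keyring (\S+)"),
    ("proposal", r"proposal (\S+)$", r"crypto ikev2 proposal (\S+)"),
    ("transform-set", r"set transform-set (\S+)", r"crypto ipsec transform-set (\S+)"),
    ("ikev2 profile", r"set ikev2-profile (\S+)", r"crypto ikev2 profile (\S+)"),
    ("ipsec profile", r"tunnel protection ipsec profile (\S+)", r"crypto ipsec profile (\S+)"),
]

def audit(config):
    """Return cross-reference problems in an IOS IKEv2/IPsec tunnel config."""
    def grab(pat):
        return {m.group(1) for l in config.splitlines() if (m := re.match(pat, l.strip()))}
    problems = []
    # The peer address is written in three places and must agree in all of them.
    peers = [grab(r"address (\S+)$"), grab(r"match identity remote address (\S+)"),
             grab(r"tunnel destination (\S+)")]
    if not (peers[0] == peers[1] == peers[2] and len(peers[0]) == 1):
        problems.append("peer address differs between keyring, profile and tunnel")
    # Every referenced object name must be defined somewhere in the config.
    for what, ref, definition in REFS:
        for name in sorted(grab(ref) - grab(definition)):
            problems.append(f"{what} '{name}' is referenced but not defined")
    return problems

if __name__ == "__main__":
    print(audit(SAMPLE) or "no cross-reference problems found")
```

Paste the relevant part of the running configuration into audit() before bringing the tunnel up; an empty list means the names and peer addresses line up.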