Setting up IPsec VPN

IPsec VPN allows you to access servers located in the cloud from your local network. This type of VPN securely connects two networks: for example, a local office network and a virtual data center network.

Some of the settings must be configured on your network's router. The steps below describe the settings to configure on the virtual gateway (Edge gateway).

1) Go to Networking -> Edges. Click on VEG. Click CONFIGURE SERVICES.

2) In the window that appears, go to the VPN section. Select IPsec VPN Sites and click +.

3) In the window that appears, fill in:

Enabled - enable the service.

Name - the name of the IPsec VPN connection.

Local Id and Local Endpoint - specify the external IP address from the list of available external IP addresses for the organization.

Local Subnets - specify the list of remote subnets that you want to access from the virtual data center.

Peer Id and Peer Endpoint - specify the external IP address of the remote network router.

Peer Subnets - specify the list of remote subnets that you want to access from the virtual data center.

Encryption Algorithm - AES256 is recommended. This parameter must be the same on the VEG and on the remote network router.

Pre-Shared Key - enter the same key that is specified in the IPsec VPN connection settings on the LAN router.

Diffie-Hellman Group - we recommend using the latest available group. This parameter must be the same on the VEG and on the remote network router.

4) Click Keep and Save changes to save the settings.

5) Go to the Activation Status tab and enable the IPsec VPN Service Status option.

Click Save changes to save your settings.

The necessary NAT and Firewall rules will be created automatically.
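A pre-flight check for the values entered in step 3, as an added example that is not part of the original guide: it compares the VEG form with the remote router's settings and reports mismatches that would keep the tunnel from coming up. The dictionary layout, the function names, the sample addresses and key, and the minimum key length are all assumptions made for illustration.

```python
import hmac
import ipaddress

MIN_PSK_LEN = 20  # assumed local policy, not a value from the guide

# Constructed sample values (documentation address ranges, placeholder key).
VEG = {
    "local_id": "203.0.113.10", "local_endpoint": "203.0.113.10",
    "peer_id": "198.51.100.20", "peer_endpoint": "198.51.100.20",
    "local_subnets": ["10.10.0.0/24"], "peer_subnets": ["192.168.1.0/24"],
    "encryption_algorithm": "AES256", "dh_group": "DH14",
    "psk": "constructed-example-key-0001",
}
# The router's view is the mirror image: its "local" is the VEG's "peer".
ROUTER = {
    "local_id": "198.51.100.20", "local_endpoint": "198.51.100.20",
    "peer_id": "203.0.113.10", "peer_endpoint": "203.0.113.10",
    "local_subnets": ["192.168.1.0/24"], "peer_subnets": ["10.10.0.0/24"],
    "encryption_algorithm": "AES256", "dh_group": "DH14",
    "psk": "constructed-example-key-0001",
}

def _norm(value):
    """Subnet lists become sets of networks; other fields are compared as-is."""
    if isinstance(value, (list, tuple)):
        return {ipaddress.ip_network(v) for v in value}
    return value

def check_ipsec_pair(veg, router):
    """Return a list of problems; an empty list means the two sides agree."""
    problems = []
    # Parameters that must be the same on the VEG and on the router.
    for field in ("encryption_algorithm", "dh_group"):
        if veg[field] != router[field]:
            problems.append(f"{field} differs: {veg[field]} vs {router[field]}")
    # Compare keys in constant time and never include them in the report.
    if not hmac.compare_digest(veg["psk"].encode(), router["psk"].encode()):
        problems.append("psk differs")
    elif len(veg["psk"]) < MIN_PSK_LEN:
        problems.append("psk too short")
    # Each side's local values must equal the other side's peer values.
    for local, peer in (("local_id", "peer_id"), ("local_endpoint", "peer_endpoint"),
                        ("local_subnets", "peer_subnets")):
        if _norm(veg[local]) != _norm(router[peer]):
            problems.append(f"VEG {local} does not match router {peer}")
        if _norm(veg[peer]) != _norm(router[local]):
            problems.append(f"VEG {peer} does not match router {local}")
    # Overlapping address space on both ends makes routing through the tunnel ambiguous.
    for a in _norm(veg["local_subnets"]):
        for b in _norm(veg["peer_subnets"]):
            if a.version == b.version and a.overlaps(b):
                problems.append(f"subnets overlap: {a} and {b}")
    return problems
```

Run it with the values you intend to enter on both devices before saving; the report names fields only, so it can be shared without exposing the key.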
