VPN Configuration

Before you can use Site-to-Site VPN with Cloud Router, you will need to configure your VPN platform for BGP with Cloud Router.

The steps for each platform varies, and you will need to refer to their respective user guides.

You will need the following information from PacketFabric:

Screenshot of the IKE details in the PacketFabric portal

This can be found on the details page of the VPN connection in the PacketFabric portal.

From the BGP Settings page, you will need the PacketFabric ASN (the ASN you assigned to the Cloud Router) and the ASN you assigned to your on-premises environment. For more information, see Configure BGP for VPN Connections.

Supported configuration options

  • Row

    • Field
    • Options
  • Row

    • IPsec Presets

    • Selecting one of these will pre-fill the fields for the options below. Depending on the device, some fields may or may not be still editable.

      Cisco ASA 9.8.1+
      Cisco IOS - IKE v1
      Cisco IOS - IKE v2
      Fortigate - Firmware <=6.1
      Fortigate - Firmware >=6.2
      Generic (Pfsense, strongSwan, etc)
      Juniper Netscreen
      Juniper SRX >=11.1
      Juniper SRX >=12.1X45-D10
      Palo Alto Networks NGFW <10.0
      Palo Alto Networks NGFW >=10.0
      SonicWall
      WatchGuard

  • Row

    • IKE version
    • 1
      2
  • Row

    • Phase 1 group
      Phase 2 PFS group
    • Group 1 768-bit MODP
      Group 2 1024-bit MODP
      Group 5 1536 bit MODP
      Group 14 2048 bit MODP
      Group 15 3072 bit MODP
      Group 16 4096 bit MODP
      Group 19 256-bit random ECP
      Group 20 384-bit random ECP
      Group 24 2048-bit MODP with 256-bit prime order subgroup
  • Row

    • Phase 1 auth algo
    • md5
      sha1
      sha-256
      sha-384
  • Row

    • Phase 2 auth algo
    • hmac-md5-96
      hmac-sha-256-128
      hmac-sha1-96
  • Row

    • Phase 1 encryption algo
    • aes-128-cbc
      aes-192-cbc
      aes-256-cbc
      3des-cbc
      des-cbc
  • Row

    • Phase 2 encryption algo
    • aes-128-cbc
      aes-192-cbc
      aes-256-cbc
      aes-128-gcm
      aes-192-gcm
      aes-256-gcm
      3des-cbc
      des-cbc

Cisco Support (ASA): Site-to-Site IKEv2 Tunnel between ASA and Router Configuration Examples (also includes IOS examples)

Fortinet Document Library: Basic site-to-site VPN with pre-shared key

Palo Alto Networks Knowledge Base: How to Configure IPSec VPN

Netgate Docs (Pfsense): IPsec Site-to-Site VPN Example with Pre-Shared Keys

Junos OS Tech Library: Route-Based IPsec VPNs

SonicWall Video Tutorials: Setup a Site to Site VPN

WatchGuard Help Center: Configure a BOVPN Virtual Interface and Configure IPv4 and IPv6 Routing with BGP