-
Release Notes
- November 16, 2023
- October 18, 2023
- September 20, 2023
- August 17, 2023
- July 20, 2023
- July 3, 2023
- May 25, 2023
- May 1, 2023
- April 6, 2023
- April 2, 2023
- March 13, 2023
- February 22, 2023
- February 2, 2023
- January 12, 2023
- January 4, 2023
- New portal
- 2022 Releases
-
2021 Releases
- December 20, 2021
- December 1, 2021
- November 22, 2021
- November 4, 2021
- October 26, 2021
- September 30, 2021
- September 22, 2021
- September 2, 2021
- August 16, 2021
- August 2, 2021
- July 19, 2021
- July 1, 2021
- June 17, 2021
- June 1, 2021
- April 30, 2021
- April 8, 2021
- March 25, 2021
- March 15, 2021
- February 25, 2021
- February 8, 2021
- January 28, 2021
- January 21, 2021
- January 13, 2021
- 2020 Releases
- Getting Started
- Ports
- Cross Connects
- Point-to-Point
- Virtual Circuits
- Cloud Connections
- Cloud Router
- Marketplace & IX
- Administration
- Billing
- Troubleshooting & FAQ
- Technical Reference
- Partners Portal
- API & Automation
VPN Configuration
Before you can use Site-to-Site VPN with Cloud Router, you will need to configure your VPN platform for BGP with Cloud Router.
The steps for each platform varies, and you will need to refer to their respective user guides.
You will need the following information from PacketFabric:
This can be found on the details page of the VPN connection in the PacketFabric portal.
From the BGP Settings page, you will need the PacketFabric ASN (the ASN you assigned to the Cloud Router) and the ASN you assigned to your on-premises environment. For more information, see Configure BGP for VPN Connections.
Supported configuration options
-
Row
- Field
- Options
-
Row
-
IPsec Presets
-
Selecting one of these will pre-fill the fields for the options below. Depending on the device, some fields may or may not be still editable.
Cisco ASA 9.8.1+
Cisco IOS - IKE v1
Cisco IOS - IKE v2
Fortigate - Firmware <=6.1
Fortigate - Firmware >=6.2
Generic (Pfsense, strongSwan, etc)
Juniper Netscreen
Juniper SRX >=11.1
Juniper SRX >=12.1X45-D10
Palo Alto Networks NGFW <10.0
Palo Alto Networks NGFW >=10.0
SonicWall
WatchGuard
-
-
Row
- IKE version
- 1
2
-
Row
- Phase 1 group
Phase 2 PFS group - Group 1 768-bit MODP
Group 2 1024-bit MODP
Group 5 1536 bit MODP
Group 14 2048 bit MODP
Group 15 3072 bit MODP
Group 16 4096 bit MODP
Group 19 256-bit random ECP
Group 20 384-bit random ECP
Group 24 2048-bit MODP with 256-bit prime order subgroup
- Phase 1 group
-
Row
- Phase 1 auth algo
- md5
sha1
sha-256
sha-384
-
Row
- Phase 2 auth algo
- hmac-md5-96
hmac-sha-256-128
hmac-sha1-96
-
Row
- Phase 1 encryption algo
- aes-128-cbc
aes-192-cbc
aes-256-cbc
3des-cbc
des-cbc
-
Row
- Phase 2 encryption algo
- aes-128-cbc
aes-192-cbc
aes-256-cbc
aes-128-gcm
aes-192-gcm
aes-256-gcm
3des-cbc
des-cbc
Helpful links
Cisco Support (ASA): Site-to-Site IKEv2 Tunnel between ASA and Router Configuration Examples (also includes IOS examples)
Fortinet Document Library: Basic site-to-site VPN with pre-shared key
Palo Alto Networks Knowledge Base: How to Configure IPSec VPN
Netgate Docs (Pfsense): IPsec Site-to-Site VPN Example with Pre-Shared Keys
Junos OS Tech Library: Route-Based IPsec VPNs
SonicWall Video Tutorials: Setup a Site to Site VPN
WatchGuard Help Center: Configure a BOVPN Virtual Interface and Configure IPv4 and IPv6 Routing with BGP
Updated on 25 Jul 2022