Advanced configurations

This page describes advanced configuration details for the following scenarios:

  • High-availability VPNs
  • High-throughput VPNs
  • Multiple subnet VPNs

To learn about the basic concepts of Cloud VPN, see the Cloud VPN overview.

Order of routes

You can create a VPN tunnel that has the same IP range as another tunnel, a subset of the other tunnel's range, or a superset of the other tunnel's range.

For details, see Order of routes.

Configure IKE, including multiple subnet support

In Supported IKE ciphers, you can find details about how Cloud VPN supports multiple IKE ciphers.

In Networks and tunnel routing, you can find information about supported Virtual Private Cloud (VPC) networks and routing options, including traffic selectors.

UDP encapsulation

Cloud VPN only supports one-to-one NAT by using UDP encapsulation for NAT-Traversal (NAT-T). NAT-T is required so that IPsec traffic can reach destinations without external (public) IP addresses behind the NAT. One-to-many NAT and port-based address translation are not supported. In other words, Cloud VPN cannot connect to multiple peer VPN gateways that share a single external IP address.

For more details about VPN gateways behind one-to-one NAT, see On-premises gateways behind NAT on the Troubleshooting page.

Maximum transmission unit (MTU) considerations

The Cloud VPN MTU size is 1460 bytes. For a description of how to configure your peer VPN gateway to support this MTU size if required, see MTU considerations.

High-availability VPNs, high-throughput VPNs, and failover

HA VPN is the recommended method of implementing high-availability VPNs and high-throughput VPNs. If your peer VPN gateway supports BGP, you can configure an HA VPN gateway with a 99.99% uptime SLA by using an active/active or active/passive tunnel configuration.

For Classic VPN gateways, you can provide VPN redundancy and failover by using these throughput and load balancing options. However, with this configuration, you receive a 99.9% availability SLA.

What's next

  • To learn about the basic concepts of Cloud VPN, see the Cloud VPN overview.
  • To help you solve common issues that you might encounter when using Cloud VPN, see Troubleshooting.