This document provides an overview of the methods that you can use to connect to a Compute Engine virtual machine (VM) instance through its internal IP address. Connecting to a VM using its internal IP address is useful if you isolate VMs from external networks by removing their external IP addresses or restricting inbound traffic to their external IP addresses.
If your VMs have external IP addresses, you can connect using external IP address.
Options
The following table summarizes the SSH options for connecting to VMs through their internal IP addresses.
| Method | Best used when |
|---|---|
| SSH tunneling with IAP | You don't want any external IP address access to any VMs in your project. You can use IAP on all Linux VMs, including bastion host VMs and VMs within projects that use Cloud VPN or Cloud Interconnect. |
| Bastion host VMs | You have a specific use case, like session recording, and you can't use IAP. |
| Cloud VPN or Cloud Interconnect | Your organization has configured Cloud VPN or Cloud Interconnect for their networking needs. Cloud VPN and Cloud Interconnect are separate Google Cloud products that aren't included in Compute Engine pricing. |