Advanced configurations

This page describes advanced configuration details for the following scenarios:

  • High-availability VPNs
  • High-throughput VPNs
  • Multiple subnet VPNs

To learn about the basic concepts of Cloud VPN, see the Cloud VPN overview.

Order of routes

You can create a VPN tunnel that has the same IP range as another tunnel, a subset of the other tunnel's range, or a superset of the other tunnel's range.

For details, see Order of routes.

Configure IKE, including multiple subnet support

In Supported IKE ciphers, you can find details about how Cloud VPN supports multiple IKE ciphers.

In Networks and tunnel routing, you can find information about supported Virtual Private Cloud (VPC) networks and routing options, including traffic selectors.

UDP encapsulation

Cloud VPN supports only one-to-one NAT, by using UDP encapsulation for NAT-Traversal (NAT-T). NAT-T is required so that IPsec traffic can reach destinations behind the NAT that have no external (public) IP addresses. One-to-many NAT and port-based address translation are not supported. In other words, Cloud VPN cannot connect to multiple peer VPN gateways that share a single external IP address.

For more details about VPN gateways behind one-to-one NAT, see On-premises gateways behind NAT on the Troubleshooting page.

Maximum transmission unit (MTU) considerations

The Cloud VPN MTU size is 1460 bytes. For a description of how to configure your peer VPN gateway to support this MTU size if required, see MTU considerations.

High-availability VPNs, high-throughput VPNs, and failover

HA VPN is the recommended method of implementing high-availability VPNs and high-throughput VPNs. If your peer VPN gateway supports BGP, you can configure an HA VPN gateway with a 99.99% uptime SLA by using an active/active or active/passive tunnel configuration.

For Classic VPN gateways, you can provide VPN redundancy and failover by using these throughput and load balancing options. However, with this configuration, you receive a 99.9% availability SLA.

What's next

  • To learn about the basic concepts of Cloud VPN, see the Cloud VPN overview.
  • To help you solve common issues that you might encounter when using Cloud VPN, see Troubleshooting.