Each Interop guide offers specific instructions for connecting the third-party VPN solution to Cloud VPN.
If the third-party solution supports dynamic (BGP) routing, the guide includes configuration instructions for Cloud Router.
- Most peer VPN devices should be compatible with Cloud VPN. For general information about configuring peer VPN devices, see Configuring the Peer VPN Gateway.
- For a list of IKE ciphers and other configuration parameters used by Cloud VPN, see Supported IKE Ciphers.
Interop guides by vendor
This section lists interoperability guides by vendor in alphabetical order. Each guide covers how to use that vendor's VPN gateway solution with Cloud VPN.
See the vendor-specific notes section for detailed notes covering the vendors listed in this section.
- Alibaba Cloud VPN Gateway without redundancy — supports static routes only
- Alibaba Cloud VPN Gateway with redundancy — supports static routes only
- Amazon Web Services with Classic VPN — supports static routes or dynamic routing with Cloud Router
- Cisco ASA — supports static routes only
- Cisco ASR
- Check Point security gateway
- Fortinet FortiGate 300C — supports static routes or dynamic routing with Cloud Router
- Microsoft Azure — supports static routes only
- Palo Alto Networks PA-3020 — supports static routes or dynamic routing with Cloud Router
- strongSwan — supports dynamic routing with Cloud Router and BIRD
- VyOS — supports static routes or dynamic routing with Cloud Router
Vendor-specific notes
- If your VPN gateway runs Cisco IOS XE, make sure you're running version 16.6.3 (Everest) or later. Earlier versions have known problems with Phase 2 rekey events, which result in tunnels going down for a few minutes every few hours.
- Cisco ASA supports route-based VPN with Virtual Tunnel Interface (VTI) in IOS version 9.7(x) and later. See the Cisco ASA Series 9.7(x) Release Notes and the VTI chapter in the Cisco ASA Series VPN CLI Configuration Guide, 9.7.
- When using Cisco ASA devices with a Cloud VPN tunnel, you cannot configure more than one IP address range (CIDR block) for each of the local and remote traffic selectors. This is because Cisco ASA devices use a unique Security Association (SA) for each IP address range in a traffic selector, while Cloud VPN uses a single SA for all IP ranges in a traffic selector. See traffic selectors for more information.
- Learn about the basic concepts of Cloud VPN
- See Advanced Configurations for information on high-availability, high-throughput scenarios, or multiple subnet scenarios.
- Create a custom Virtual Private Cloud network
- Set up different types of Cloud VPN
- Maintain VPN tunnels and gateways
- View logs and monitoring metrics
- Get troubleshooting help