VPN interoperability guides

This page provides interoperability guides and vendor-specific notes for peer third-party VPN devices or services you can use to connect to Cloud VPN.

Each Interop guide offers specific instructions for connecting the third-party VPN solution to Cloud VPN.

If the third-party solution supports dynamic (BGP) routing, the guide includes configuration instructions for Cloud Router.

  • Most peer VPN devices should be compatible with Cloud VPN. For general information about configuring peer VPN devices, see Configuring the Peer VPN Gateway.
  • For a list of IKE ciphers and other configuration parameters used by Cloud VPN, see Supported IKE Ciphers.

Interop guides by vendor

This section lists interoperability guides by vendor in alphabetical order. Each guide covers how to use that vendor's VPN gateway solution with Cloud VPN.

See the vendor-specific notes section for detailed notes covering the vendors listed in this section.



Vendor-specific notes


  • If your VPN gateway runs Cisco IOS XE, make sure you're running version 16.6.3 (Everest) or later. Earlier versions have known problems with Phase 2 rekey events, which results in tunnels going down for a few minutes every few hours.
  • Cisco ASA supports route-based VPN with Virtual Tunnel Interface (VTI) in IOS version 9.7(x) and later. See the Cisco ASA Series 9.7(x) Release Notes and the VTI chapter in the Cisco ASA Series VPN CLI Configuration Guide, 9.7.
  • When using Cisco ASA devices with a Cloud VPN tunnel, you cannot configure more than one IP address range (CIDR block) for each of the local and remote traffic selectors. This is because Cisco ASA devices use a unique Security Association (SA) for each IP address range in a traffic selector, while Cloud VPN uses a single SA for all IP ranges in a traffic selector. See traffic selectors for more information.

What's next

Was this page helpful? Let us know how we did:

Send feedback about...