Moving to HA VPN

This page describes the strategy to move from Classic VPN to HA VPN.

Before you begin

Consider the following as you plan a migration to HA VPN:

  • Your peer VPN device or service must support the Border Gateway routing Protocol (BGP). If it does not, you cannot use HA VPN.

  • The public IP address of your Cloud VPN gateway(s) cannot be preserved. Two new public IP addresses are created when you create an HA VPN gateway. Google Cloud selects these IP from two different pools as part of the HA design.

  • You cannot migrate an existing Cloud VPN tunnel or tunnels on a Classic VPN gateway to an HA VPN gateway. Instead, you need to create new tunnels and delete the old ones.

  • Migrating to HA VPN means that you can only use features supported on HA VPN connections. For example, you cannot connect a Classic VPN gateway to a HA VPN gateway.

Migration procedure

To move from Classic VPN to HA VPN gateways and tunnels, perform the following steps:

  1. Create a new HA VPN gateway, Cloud Router, and VPN tunnels to connect your Virtual Private Cloud network to your peer network. Follow the directions in Creating an HA VPN gateway to a Peer VPN gateway. The new HA VPN gateway you create will have two new external IP addresses.
  2. Verify that the new tunnels are working and check the configuration of your HA VPN gateway for high availability
  3. Delete the tunnel or tunnels connected to the Classic VPN gateway. if the previous VPN tunnel or tunnels were policy based or route based, remove any leftover custom static routes.
  4. Delete the Classic VPN gateway and release any static external IP addresses it used.

What's next

Was this page helpful? Let us know how we did:

Send feedback about...