
IPSec VPN


Last updated 4 months ago

Overview

IPSec VPN provides site-to-site connectivity between HI GIO and remote sites that use third-party hardware routers or VPN gateways supporting IPSec.

On HI GIO, you can create VPN tunnels between:

  • Organization virtual data center networks in the same organization

  • Organization virtual data center networks in different organizations

  • An organization's virtual data center network and an external network

Procedure

Fulfill the IPSec parameters.

Step 1: In the top navigation bar, click Networking and click the Edge Gateways tab.

Step 2: Click the edge gateway.

Step 3: Under Services, click IPSec VPN.

Step 4: To configure an IPSec VPN tunnel, click New.

Step 5: Enter a Name and a description (optional) for the IPSec VPN tunnel.

Step 6: To enable the tunnel upon creation, toggle on the Status option.

Leave the Security Profile as Default; it is configured later, once the VPN tunnel has been created.

Step 7: Click NEXT to select Authentication mode.

Step 8: Select a peer authentication mode and click NEXT.

HI GIO supports two options for Authentication Mode:

  • Pre-Shared Key: Choose a pre-shared key to enter. The pre-shared key must be the same on the other end of the IPSec VPN tunnel.

  • Certificate: Select site and CA certificates to be used for authentication.

Step 9: In the Endpoint Configuration window, enter the following parameters (as noted in the preparation step):

  • IP address [Local Endpoint]: Enter the public IP (HI GIO’s public IP).

  • Networks [Local Endpoint]: Enter at least one local (HI GIO’s network) IP subnet address for the IPSec VPN tunnel.

  • IP address [Remote Endpoint]: Enter the public IP of the remote site (e.g. the office’s public IP).

  • Networks [Remote Endpoint]: Enter at least one remote (e.g. the office’s network) IP subnet address for the IPSec VPN tunnel.

Step 10: Enter the remote ID (optional) for the peer site.

If a Certificate is used for Authentication mode:

The remote ID must match the SAN (Subject Alternative Name) of the remote endpoint certificate, if available. If the remote certificate does not contain a SAN, the remote ID must match the distinguished name of the certificate that is used to secure the remote endpoint, for example, C=US, ST=Massachusetts, O=VMware, OU=VCD, CN=Edge1.

Step 11: Click Next.

Step 12: Review your settings and click Finish.

The newly created IPSec VPN tunnel is listed in the IPSec VPN view. The IPSec VPN tunnel is created with a default security profile.

Step 13: To verify that the tunnel is functioning, select it and click View Statistics.

If the tunnel is functioning, Tunnel Status and IKE Service Status both display Up.

Once the IPSec VPN tunnel has been created, its configuration can be changed through the security profile, which must match the remote site.

Step 1: In the top navigation bar, click Networking and click the Edge Gateways tab.

Step 2: Click the edge gateway.

Step 3: Under Services, click IPSec VPN.

Step 4: Select the IPSec VPN tunnel and click Security Profile Customization.

Step 5: Change the configuration of the VPN tunnel as you prepared (IPSec parameters).

Remember that the security settings must match the remote site's security settings.

Then allow the VPN traffic through the firewall:

Step 1: Prepare the IP sets for the firewall rules (dynamic or static groups can also be used).

IP set detail: IPsec-Higio, IPsec-Local-Subnet

Step 2: Create two firewall rules (Edge gateway firewall) for the IPSec tunnel:

+ HI GIO to Local (remote site)

+ Local (remote site) to HI GIO

If the Distributed Firewall is used, firewall rules must also be created there to allow the VPN’s traffic (remote site to HI GIO).

*** Please also set the firewall rules for VPN traffic on the remote routers.

VALIDATE: Tunnel status is UP with traffic.
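
A pre-flight check for the Endpoint Configuration values and the two firewall rules they imply, as an added example that is not part of the HI GIO guide. The addresses are constructed, the rule dictionaries are plain review data rather than a HI GIO or VMware API payload, and both the subnet-overlap check and the mapping of IPsec-Higio to the HI GIO subnets and IPsec-Local-Subnet to the remote-site subnets are assumptions.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_subnets(side, cidrs, problems):
    """Parse one side's Networks field; record bad entries instead of raising."""
    nets = []
    if not cidrs:
        problems.append(f"{side}: at least one subnet is required")
    for cidr in cidrs:
        try:
            nets.append(ipaddress.ip_network(cidr))  # strict: host bits must be zero
        except ValueError as exc:
            problems.append(f"{side}: invalid subnet {cidr!r} ({exc})")
    return nets

def check_tunnel(local_ip, local_cidrs, remote_ip, remote_cidrs):
    """Return (problems, plan); plan is None when any problem was found."""
    problems = []
    for side, ip in (("local", local_ip), ("remote", remote_ip)):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            problems.append(f"{side}: endpoint {ip!r} is not an IP address")
            continue
        if any(addr in net for net in RFC1918):
            problems.append(f"{side}: endpoint {ip} is RFC 1918, not a public IP")
    local = parse_subnets("local", local_cidrs, problems)
    remote = parse_subnets("remote", remote_cidrs, problems)
    # Assumption beyond the guide: overlapping subnets make tunnel routing ambiguous.
    for lnet in local:
        for rnet in remote:
            if lnet.overlaps(rnet):
                problems.append(f"local {lnet} overlaps remote {rnet}")
    if problems:
        return problems, None
    # Assumed mapping of the guide's IP set names to the two sides.
    ip_sets = {"IPsec-Higio": [str(n) for n in local],
               "IPsec-Local-Subnet": [str(n) for n in remote]}
    rules = [  # plain review data, not an API payload
        {"name": "HI GIO to Local", "source": "IPsec-Higio",
         "destination": "IPsec-Local-Subnet", "action": "allow"},
        {"name": "Local to HI GIO", "source": "IPsec-Local-Subnet",
         "destination": "IPsec-Higio", "action": "allow"},
    ]
    return problems, {"ip_sets": ip_sets, "rules": rules}

# Constructed sample values (RFC 5737 documentation addresses stand in for the public IPs).
problems, plan = check_tunnel("203.0.113.10", ["10.10.0.0/24"],
                              "198.51.100.20", ["192.168.50.0/24"])
print(problems or plan)
```

Scoping both rules to the two IP sets, rather than to any source or destination, keeps the tunnel from becoming a general path between the sites.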