1 Solution Overview
This document describes how to set up VPN access from an Oracle-certified third-party VPN device in your data center to Compute Classic instances that are attached to an IP network defined by you in a multitenant Compute Classic site.
Topics
- Solution Architecture for Setting Up VPN Gateways in Active-Active HA Mode
- Workflow for Setting Up VPN Gateways in Active-Active HA Mode
Note:
The following other VPN solutions are available for instances in multitenant sites:
- VPN access through a Corente Services Gateway in your data center to instances attached to an IP network defined by you in the cloud. See Setting Up VPN From a Corente Services Gateway to an IP Network in Oracle Cloud.
- VPN access through a third-party gateway or Corente Services Gateway in your data center to instances attached to the Oracle-provided shared network. See the following documentation:
Solution Architecture and Key Components
The following figure provides an overview of the solution:
The following are the key components of this solution:
- Corente Services Gateway: Corente Services Gateway is installed on a Compute Classic instance running in Oracle Cloud. It serves as a proxy that facilitates secure access and data transfer in the VPN solution.
- Corente App Net Manager Service Portal: You use App Net Manager to create, configure, modify, delete, and monitor the components of your Corente-powered network. You can also perform these tasks using the Compute Classic web console. For advanced configurations in your Corente-powered network, use App Net Manager.
- Third-Party Device: Any certified third-party VPN solution that allows interoperability with Corente Services Gateway.
Certified Third-Party VPN Devices and Configurations
The following table lists the third-party VPN device configurations that are certified for the Corente 9.4 release.
Certified Configurations | Devices |
---|---|
 | Cisco 2921, Cisco ISR 4331, Checkpoint 3200, Palo Alto 3020, FortiGate-200D |
 | Cisco 2921, Cisco ISR 4331, Checkpoint 3200, Palo Alto 3020, FortiGate-200D |
 | Cisco 2921, Cisco ISR 4331, Checkpoint 3200, Palo Alto 3020, FortiGate-200D |
 | Cisco ASA5505 |
 | Cisco ISR 4331, Checkpoint 3200, Palo Alto 3020, FortiGate-200D |
Note:
Other devices may work if they are configured with the certified configurations.
The Corente Services Gateway uses IPSec and is behind a NAT, so network address translation traversal (NAT-T) is required. Ensure that the third-party device in your data center supports NAT-T.
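One way to confirm from a packet capture that a tunnel is really running over NAT-T, as an added example (not Oracle or Corente code): it classifies UDP port 4500 payloads using the RFC 3948 framing into NAT-keepalives, IKE behind the non-ESP marker, and UDP-encapsulated ESP. The function names are hypothetical and the sample payloads are constructed, not captured from a gateway.

```python
import struct
from collections import Counter

IKE_HEADER_LEN = 28                  # fixed IKE/ISAKMP header size
NON_ESP_MARKER = b"\x00" * 4         # RFC 3948: precedes IKE on UDP 4500


def classify_natt_payload(payload: bytes) -> dict:
    """Classify one UDP payload seen on port 4500 (RFC 3948 framing)."""
    if payload == b"\xff":
        return {"kind": "nat-keepalive"}
    if len(payload) < 8:
        return {"kind": "malformed"}
    if payload[:4] == NON_ESP_MARKER:
        ike = payload[4:]
        if len(ike) < IKE_HEADER_LEN:
            return {"kind": "malformed"}
        _ispi, _rspi, _np, ver, exch, _flags, msg_id, length = struct.unpack(
            "!8s8sBBBBII", ike[:IKE_HEADER_LEN])
        return {"kind": "ike", "version": f"{ver >> 4}.{ver & 0x0F}",
                "exchange_type": exch, "message_id": msg_id,
                "length_ok": length == len(ike)}
    # A non-zero first word is the ESP SPI, followed by the sequence number.
    spi, seq = struct.unpack("!II", payload[:8])
    return {"kind": "esp-in-udp", "spi": spi, "seq": seq}


def summarize(payloads) -> Counter:
    """Count payload kinds across a capture."""
    return Counter(classify_natt_payload(p)["kind"] for p in payloads)


def tunnel_uses_natt(payloads) -> bool:
    """True when IKE has floated to 4500 and ESP arrives UDP-encapsulated."""
    kinds = summarize(payloads)
    return kinds["ike"] > 0 and kinds["esp-in-udp"] > 0


# Constructed sample payloads (not captured from a real gateway).
SAMPLES = [
    NON_ESP_MARKER + struct.pack("!8s8sBBBBII", b"\x11" * 8, b"\x22" * 8,
                                 46, 0x20, 35, 0x08, 1, 28),   # IKEv2 IKE_AUTH
    struct.pack("!II", 0xC0FFEE01, 1) + b"\x00" * 32,           # ESP in UDP
    b"\xff",                                                    # keepalive
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(classify_natt_payload(p))
    print("NAT-T in use:", tunnel_uses_natt(SAMPLES))
```

If a capture shows only native ESP (IP protocol 50) and no UDP 4500 traffic, the device is not encapsulating and the tunnel will not pass through the NAT in front of the cloud gateway.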
Workflow for Setting Up VPN
Task | More Information |
---|---|
Create and configure your account on Oracle Cloud | Getting an Oracle.com Account in Getting Started with Oracle Cloud |
Obtain a trial or paid subscription to Compute Classic. After you subscribe to Compute Classic, you will get your Corente credentials through email. Make a note of these credentials. | How to Begin with Compute Classic Subscriptions in Using Oracle Cloud Infrastructure Compute Classic |
Create an IP network. | |
Set up Corente Services Gateway (cloud gateway) on a Compute Classic instance. | |
Establish partnership between the third-party VPN device and the cloud gateway. | |
Configure your guest instances for VPN access. | |
Solution Architecture for Setting Up VPN Gateways in Active-Active HA Mode
You can deploy two Corente Services Gateways as failover partners to ensure high availability. The following figure provides an overview of the solution.
In this solution, two Corente Services Gateways, configured identically, are deployed as failover partners. Each Corente Services Gateway is connected to a separate third-party VPN device, setting up two VPN tunnels between the Oracle Cloud network and your data center. When both VPN tunnels are available, load is balanced between the two Corente Services Gateways. If one of the VPN tunnels fails, the Corente Services Gateway detects the failure and forwards the incoming traffic to its failover partner. This offers redundancy against VPN tunnel failures.
Workflow for Setting Up VPN Gateways in Active-Active HA Mode
Task | More Information |
---|---|
Create and configure your account on Oracle Cloud | Getting an Oracle.com Account in Getting Started with Oracle Cloud |
Obtain a trial or paid subscription to Compute Classic. After subscribing to Compute Classic, you will get your Corente credentials through email. Make a note of these credentials. | How to Begin with Compute Classic Subscriptions in Using Oracle Cloud Infrastructure Compute Classic |
Create an IP network. | |
Set up two Corente Services Gateways (cloud gateways) in Oracle Cloud. | |
Add the first third-party VPN device. | |
Add the second third-party VPN device. | |
Establish partnership between the first pair of cloud gateway and third-party VPN device in your data center. | |
Establish partnership between the second pair of cloud gateway and third-party VPN device in your data center. | |
Configure the two Corente Services Gateways (cloud gateways) in Oracle Cloud as failover partners. | |
Configure your guest instances for VPN access. | |