Oracle offers an alternate method for establishing a connection using IPSec. The connection is terminated on the customer's existing VPN hardware. This option generally requires an extended implementation cycle and is approved on an exception basis. If the customer chooses to use their existing VPN device (for example, firewall or VPN concentrator) as a termination point, the VPN overall requirements described above remain the same. The encryption domain requirements for this connection will create a more complex configuration.
The requirements include, but are not limited to:
A public IP per Gateway connection supplied by the customer for use inside the VPN encryption domain;
Access to three /26 subnets and multiple /32 addresses inside the encryption domain;
Network Address Translation (NAT) between the host and the Oracle resources over the tunnel is not supported (the Gateway must communicate directly to the public IP addresses inside the Oracle VPN.)