1 Solution Overview

This document describes how to set up VPN access from an Oracle-certified third-party VPN device in your data center to Compute Classic instances that are attached to an IP network defined by you in a multitenant Compute Classic site.

Note:

The following other VPN solutions are available for instances in multitenant sites:

Solution Architecture and Key Components

The following figure provides an overview of the solution:
Solution overview

The following are the key components of this solution:

  • Corente Services Gateway: Corente Services Gateway is installed on a Compute Classic instance running in Oracle Cloud. It serves as a proxy that facilitates secure access and data transfer in the VPN solution.

  • Corente App Net Manager Service Portal: You use App Net Manager to create, configure, modify, delete, and monitor the components of your Corente-powered network. You can perform the same tasks from the Compute Classic web console. For advanced configurations in your Corente-powered network, use App Net Manager.

  • Third-Party Device: Any certified third-party VPN solution that allows interoperability with Corente Services Gateway.

Certified Third-Party VPN Devices and Configurations

The following table lists the third-party VPN device configurations that are certified for the Corente 9.4 release.

| Certified Configurations | Devices |
|---|---|
| Encryption AES256; Hash SHA-256; DH phase 1 group 14; No Perfect Forward Secrecy (PFS), so no Diffie-Hellman (DH) phase 2 group | Cisco 2921, Cisco ISR 4331, Checkpoint 3200, Palo Alto 3020, FortiGate-200D |
| Encryption AES256; Hash SHA-256; DH phase 1 group 14; DH phase 2 group 14 | Cisco 2921, Cisco ISR 4331, Checkpoint 3200, Palo Alto 3020, FortiGate-200D |
| Encryption AES128; Hash SHA-256; DH phase 1 group 14; no PFS | Cisco 2921, Cisco ISR 4331, Checkpoint 3200, Palo Alto 3020, FortiGate-200D |
| Encryption AES192; Hash SHA-1; DH phase 1 group 2; DH phase 2 group 2 | Cisco ASA5505 |
| Encryption AES256; Hash SHA-1; DH phase 1 group 5; no PFS | Cisco ISR 4331, Checkpoint 3200, Palo Alto 3020, FortiGate-200D |

Note:

Other devices may work if they are configured with the certified configurations.

The Corente Services Gateway uses IPSec and is behind a NAT, so network address translator traversal (NAT-T) is required. Ensure that the third-party device in your data center supports NAT-T.
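The certified table and the NAT-T requirement above can be turned into a pre-deployment check. The following is an added example, not code from Oracle or Corente: it assumes the device's phase 1 and phase 2 proposals are written in strongSwan-style notation (for example `aes256-sha256-modp2048`, with no `modp` token in phase 2 meaning no PFS) and that each table row's encryption and hash apply to both phases. The function names are hypothetical.

```python
import re

COMMON = ["Cisco 2921", "Cisco ISR 4331", "Checkpoint 3200",
          "Palo Alto 3020", "FortiGate-200D"]
# Rows of the certified table: (encryption, hash, DH phase 1 group,
# DH phase 2 group or None when PFS is off) -> devices listed for that row.
CERTIFIED = {
    ("aes256", "sha256", 14, None): COMMON,
    ("aes256", "sha256", 14, 14): COMMON,
    ("aes128", "sha256", 14, None): COMMON,
    ("aes192", "sha1", 2, 2): ["Cisco ASA5505"],
    ("aes256", "sha1", 5, None): COMMON[1:],  # Cisco 2921 is not in this row
}
# MODP size in bits -> IKE Diffie-Hellman group number
MODP_GROUP = {1024: 2, 1536: 5, 2048: 14}

def parse_proposal(text):
    """Parse 'aes256-sha256-modp2048' into (enc, hash, dh_group or None)."""
    enc = hsh = group = None
    for tok in text.lower().split("-"):
        modp = re.fullmatch(r"modp(\d+)", tok)
        if re.fullmatch(r"aes(128|192|256)", tok):
            enc = tok
        elif tok in ("sha1", "sha256"):
            hsh = tok
        elif modp and int(modp.group(1)) in MODP_GROUP:
            group = MODP_GROUP[int(modp.group(1))]
        else:
            raise ValueError(f"unsupported token {tok!r} in {text!r}")
    return enc, hsh, group

def check_device(device, ike, esp, nat_t):
    """Return findings; an empty list means the setup matches a certified row."""
    findings = []
    enc, hsh, g1 = parse_proposal(ike)       # phase 1 proposal
    esp_enc, esp_hsh, g2 = parse_proposal(esp)  # phase 2 proposal
    if not nat_t:
        findings.append("NAT-T disabled: the gateway is behind a NAT")
    if (enc, hsh) != (esp_enc, esp_hsh):
        findings.append("phase 1 and phase 2 encryption/hash differ")
    row = CERTIFIED.get((enc, hsh, g1, g2))
    if row is None:
        findings.append(f"{ike} / {esp} is not a certified combination")
    elif device not in row:
        # Per the note above, unlisted devices may still work with a certified row.
        findings.append(f"combination certified, but not on {device}")
    return findings
```

A finding of the last kind is a warning rather than a failure, since the page notes that other devices may work when configured with a certified configuration.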

Workflow for Setting Up VPN

| Task | More Information |
|---|---|
| Create and configure your account on Oracle Cloud | Getting an Oracle.com Account in Getting Started with Oracle Cloud |
| Obtain a trial or paid subscription to Compute Classic. After you subscribe to Compute Classic, you will get your Corente credentials through email. Make a note of these credentials. | How to Begin with Compute Classic Subscriptions in Using Oracle Cloud Infrastructure Compute Classic |
| Create an IP network. | Creating an IP Network |
| Set up Corente Services Gateway (cloud gateway) on a Compute Classic instance. | Creating a Cloud Gateway |
| Establish partnership between the third-party VPN device and the cloud gateway. | Registering a Third-Party VPN Device; Connecting the Cloud Gateway with the Third-Party Device |
| Configure your guest instances for VPN access. | Configuring Your Guest Instances for VPN Access |

Solution Architecture for Setting Up VPN Gateways in Active-Active HA Mode

You can deploy two Corente Services Gateways as failover partners to ensure high availability. The following figure provides an overview of the solution.


Solution overview with two Corente Service Gateways deployed as failover partners.

In this solution, two Corente Services Gateways, configured identically, are deployed as failover partners. Each Corente Services Gateway is connected to a separate third-party VPN device, setting up two VPN tunnels between the Oracle Cloud network and your data center. When both VPN tunnels are available, load is balanced between the two Corente Services Gateways. If one of the VPN tunnels fails, Corente Services Gateway detects the failure and forwards the incoming traffic to its failover partner. This offers redundancy against VPN tunnel failures.

Workflow for Setting Up VPN Gateways in Active-Active HA Mode

| Task | More Information |
|---|---|
| Create and configure your account on Oracle Cloud | Getting an Oracle.com Account in Getting Started with Oracle Cloud |
| Obtain a trial or paid subscription to Compute Classic. After subscribing to Compute Classic, you will get your Corente credentials through email. Make a note of these credentials. | How to Begin with Compute Classic Subscriptions in Using Oracle Cloud Infrastructure Compute Classic |
| Create an IP network. | Creating an IP Network |
| Set up two Corente Services Gateways (cloud gateways) in Oracle Cloud. | Creating a Cloud Gateway |
| Add the first third-party VPN device. | Registering a Third-Party VPN Device |
| Add the second third-party VPN device. | Registering a Third-Party VPN Device |
| Establish partnership between the first pair of cloud gateway and third-party VPN device in your data center. | Connecting the Cloud Gateway with the Third-Party Device |
| Establish partnership between the second pair of cloud gateway and third-party VPN device in your data center. | Connecting the Cloud Gateway with the Third-Party Device |
| Configure the two Corente Services Gateways (cloud gateways) in Oracle Cloud as failover partners. | Configuring Active-Active HA |
| Configure your guest instances for VPN access. | Configuring Your Guest Instances for VPN Access |