Configure VPN as a Service on Oracle Cloud Infrastructure Classic

Note: This topic applies only to Oracle Cloud Infrastructure Classic.

You can set up a VPN connection between your data center and IP networks using VPN as a Service on Oracle Cloud Infrastructure Classic. This provides a secure communication channel between your data center and Oracle SOA Cloud Service instances that are added to your IP networks. For example, from an Oracle SOA Cloud Service instance configured with VPN as a Service, you can connect through FTP or invoke a database at your data center.

Before configuring VPN as a Service with Oracle SOA Cloud Service, you must satisfy the following prerequisites.

After satisfying these prerequisites, VPN as a Service configuration is a several-step process:

  • You create a virtual network interface card set (vNICset) in which to group all virtual network interface cards (vNICs) that you want to access over the VPN connection. This task is a prerequisite for creating a VPN as a Service instance.

  • You create a VPN as a Service instance. This action creates a new VM host on which the VPN as a Service software is installed and an instance is started.

  • You configure a tunnel between the VPN as a Service instance and your company’s data center. This establishes a secure channel for accessing the data center as if it were inside your Oracle SOA Cloud Service environment.

Create a Virtual NIC Set

You must create a virtual network interface card set (vNICset) in which to group all virtual network interface cards (vNICs) that you want to access over the VPN connection. Each instance (Oracle SOA Cloud Service and Oracle Database Cloud Service) has an associated vNIC. This task is a prerequisite for creating a VPN connection using VPN as a Service.

  1. Sign in to your Oracle Cloud Service account and navigate to the Oracle Cloud Infrastructure Console.
    See Sign In to Your Cloud Account in Getting Started with Oracle Cloud.
  2. Open the navigation menu and click OCI Classic Services. Under Classic Infrastructure Services, click Compute Classic.
  3. Click the Network tab.
  4. In the left navigation pane, select IP Network, then Virtual NIC Sets.
  5. Click Create vNICset.
  6. Select or enter the required information:
    • Name: Enter a name for the vNICset.

    • vNICs: Select the required vNICs (for example, Oracle Database Cloud Service and Oracle SOA Cloud Service). Without a vNIC, traffic through your company’s gateway is not allowed. vNICs are created automatically when you provision Oracle SOA Cloud Service and Oracle Database Cloud Service.

    • Applied Access Control Lists: Select the access control lists (ACLs) that you want to apply to this vNICset, including the default ACL. When you apply an ACL to a vNICset, all security rules in that ACL are applied to traffic to or from each of the vNICs in the vNICset. ACLs are created automatically when you provision Oracle SOA Cloud Service and Oracle Database Cloud Service.

    • Description: Enter a meaningful description for the vNICset.

    • Tags: Enter a list of the search tags that you want to associate with this vNICset.

  7. Click Create.
    The vNICset is created. You can use this vNICset as the next hop in any routes that you create, or as the source or destination in a security rule. ACLs are also applied to vNICsets.
You can manage your vNICsets. See Managing vNICsets in Using Oracle Cloud Infrastructure Compute Classic.

Create a VPN Connection Using VPN as a Service

After creating the vNICset, you can create a VPN instance and configure a tunnel between Oracle SOA Cloud Service and your data center using VPN as a Service.

  1. In the left navigation pane, select VPN > VPNaaS > VPN Connections.
    This page shows details about the created VPN as a Service instances.
    • Name: The name of the VPN as a Service instance.

    • Tunnel/Life Cycle: The status of the tunnel (up or down) and the instance. If the tunnel is up and the instance is ready, you can use VPN as a Service to connect to your data center.

    • Public IP/Private IP: The public and private IP addresses. Nothing needs to be manually entered. These are automatically created.

    • IP Network: The IP network on which the Oracle SOA Cloud Service was created.

    • Customer Gateway: The gateway of your company.

    • Customer Reachable Route: The reachable route of your company.

  2. Click Create VPN Connection.
  3. Select or enter the required information:
    • Name: Enter a name for the VPN connection.

    • IP Network: Select the IP network that you want to access over this VPN connection. This is the same IP network you configured for your database and Oracle SOA Cloud Service instance, or another IP network that is in the same IP network exchange as the IP network you configured for your database.

    • Connected IP Networks: This field displays the IP networks reachable over this VPN connection. The VPN connection enables you to access all IP networks that are added to the same IP network exchange as the specified IP networks.

    • vNICsets: Select the vNICsets that contain the vNICs that you want to access over this VPN connection. A vNIC must belong to one of the specified vNICsets and be part of one of the connected IP networks to be reachable over this VPN connection. The vNICsets determine which instances can communicate over the VPN as a Service instance. You must first click Create to display the available vNICsets.

    • Customer Gateway: Enter the public IP address of the VPN device in your data center to which you want to connect.

    • Customer Reachable Routes: Enter (in CIDR format) a comma-separated list of subnets in your data center that should be reachable using this VPN connection.

    • Pre-shared Key: The pre-shared key (PSK) is used while setting up the VPN connection to establish the authenticity of the gateway that is requesting the connection. You must enter the same key here and on the gateway in your data center. The PSK must contain only alphanumeric characters.

    • IKE ID: The Internet Key Exchange (IKE) ID identifies the cloud gateway on the gateway in your data center. Only IKE v1 in Main Mode is supported. The IKE ID can be the name or IP address of your cloud gateway. If you do not specify the IKE ID, the IP address of your cloud gateway is used by default. Alternatively, you can specify a text string to use as the IKE ID. The IKE ID is case sensitive and can contain a maximum of 255 ASCII alphanumeric characters, including the special characters period (.), hyphen (-), and underscore (_). The IKE ID cannot contain embedded space characters.

      Note: If you specify the IKE ID, ensure that you specify the Peer ID type as Domain Name on the gateway in your data center. Other Peer ID types, such as email address, firewall identifier, or key identifier, are not supported.

    • Specify Phase 1 IKE Proposal: Select this option to specify Phase 1 IKE v1 options, if required. You can specify the following values:

      • IKE Encryption: Select the IKE encryption algorithm.

      • IKE Hash: Select the IKE hash algorithm.

      • IKE DH group: Select the Diffie-Hellman (DH) group.

      • IKE Lifetime: Specify a value between 600 and 9999999 seconds. The default value is 28800 seconds.

      If no values are specified, all possible values are permitted.

    • Specify Phase 2 ESP Proposal: Select this option to specify Phase 2 Encapsulating Security Payload (ESP) options, if required. You can specify the following values:

      • ESP Encryption: Select the ESP encryption algorithm.

      • ESP Hash: Select the ESP hash algorithm.

      • IPSEC Lifetime: Specify a value between 600 and 9999999 seconds. The default value is 3600 seconds.

      If no values are specified, all possible values are permitted.

    • Require Perfect Forward Secrecy: This check box is selected by default. If the gateway in your data center supports Perfect Forward Secrecy (PFS), retain this setting to require PFS; deselect it only if your gateway does not support PFS.

    • Description: Enter a description.

    • Tags: Specify one or more tags to help you identify and categorize the VPN connection.
  4. Click Create.
    After the VPN connection is created successfully, the Life Cycle status is displayed as Ready while the Tunnel status is still Down, and a public IP address appears for the new VPN connection. This public IP address is created automatically when the VPN connection is created.
  5. Note the public IP address of the created VPN as a Service instance and add it to the VPN gateway configuration in your on-premises data center.
    The Tunnel status changes to Up after several minutes.
You can manage your VPN as a Service connections. See Setting Up a VPN Connection Using VPNaaS in Using Oracle Cloud Infrastructure Compute Classic.
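The fields in step 3 carry constraints that are easy to mistype (an alphanumeric-only PSK, an IKE ID of at most 255 characters with no spaces, CIDR routes, lifetimes between 600 and 9999999 seconds), and a mismatch between the console and the data-center gateway simply leaves the tunnel Down. The following is an added pre-flight validator, written for this page and not Oracle code or any Compute Classic API; it only checks the values before you enter them. It assumes the customer gateway is an IPv4 address, reads "special characters" in the IKE ID description as exactly period, hyphen and underscore, and uses dictionary keys of its own (`psk`, `ike_id`, `customer_gateway`, `reachable_routes`, `ike_lifetime`, `ipsec_lifetime`, `require_pfs`) that mirror the console fields. The sample input is constructed from documentation address ranges. Note that leaving the Phase 1 and Phase 2 proposals unset permits every algorithm, so the two gateways negotiate from the full set; the validator keeps PFS on by default and only applies the documented lifetime defaults, it does not choose algorithms for you.

```python
"""Pre-flight checks for VPN as a Service connection fields (added example)."""
import ipaddress
import re

# Constraints taken from the field descriptions on the page.
PSK_RE = re.compile(r"^[A-Za-z0-9]+$")
IKE_ID_RE = re.compile(r"^[A-Za-z0-9._-]+$")  # assumption: allowed specials are . - _
IKE_ID_MAX_LEN = 255
LIFETIME_MIN, LIFETIME_MAX = 600, 9999999
IKE_LIFETIME_DEFAULT = 28800
IPSEC_LIFETIME_DEFAULT = 3600

# Ranges a customer gateway can never be, since the field requires a public address.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8", "224.0.0.0/4",
)]


def check_psk(psk):
    """The PSK must be non-empty and contain only alphanumeric characters."""
    if not psk or not PSK_RE.match(psk):
        return "pre-shared key must contain only alphanumeric characters"
    return None


def check_ike_id(ike_id):
    """IKE ID is optional; when set it must fit the 255-char limit and character set."""
    if not ike_id:
        return None  # the cloud gateway IP address is used by default
    if len(ike_id) > IKE_ID_MAX_LEN:
        return "IKE ID exceeds 255 characters"
    if not IKE_ID_RE.match(ike_id):
        return "IKE ID may contain only ASCII letters, digits, '.', '-' and '_' (no spaces)"
    return None


def check_customer_gateway(addr_text):
    """Customer gateway must parse as an IPv4 address outside private/special ranges."""
    try:
        addr = ipaddress.IPv4Address(addr_text)
    except ValueError:
        return f"customer gateway {addr_text!r} is not an IPv4 address"
    if any(addr in net for net in NON_PUBLIC):
        return f"customer gateway {addr_text} is not a public address"
    return None


def parse_reachable_routes(text):
    """Parse the comma-separated CIDR list; returns (normalized_routes, error)."""
    routes = []
    for item in text.split(","):
        item = item.strip()
        if not item:
            continue
        try:
            # strict=True rejects a prefix with host bits set, e.g. 10.1.2.3/24
            routes.append(str(ipaddress.ip_network(item, strict=True)))
        except ValueError:
            return [], f"customer reachable route {item!r} is not a valid CIDR"
    if not routes:
        return [], "at least one customer reachable route is required"
    return routes, None


def resolve_lifetime(value, default):
    """Apply the documented default when unset, otherwise enforce the allowed range."""
    if value is None:
        return default, None
    try:
        seconds = int(value)
    except (TypeError, ValueError):
        return None, f"lifetime {value!r} is not an integer number of seconds"
    if not LIFETIME_MIN <= seconds <= LIFETIME_MAX:
        return None, f"lifetime {seconds} must be between {LIFETIME_MIN} and {LIFETIME_MAX} seconds"
    return seconds, None


def validate_connection(params):
    """Return (normalized_params, errors); keys mirror the console fields."""
    errors = []
    out = dict(params)
    for err in (check_psk(params.get("psk", "")),
                check_ike_id(params.get("ike_id")),
                check_customer_gateway(params.get("customer_gateway", ""))):
        if err:
            errors.append(err)
    routes, err = parse_reachable_routes(params.get("reachable_routes", ""))
    if err:
        errors.append(err)
    out["reachable_routes"] = routes
    for key, default in (("ike_lifetime", IKE_LIFETIME_DEFAULT),
                         ("ipsec_lifetime", IPSEC_LIFETIME_DEFAULT)):
        value, err = resolve_lifetime(params.get(key), default)
        if err:
            errors.append(err)
        out[key] = value
    # PFS is selected by default in the console; keep it unless the gateway cannot do it.
    out["require_pfs"] = params.get("require_pfs", True)
    return out, errors


# Constructed sample input using documentation address ranges, not a real deployment.
SAMPLE = {
    "name": "soa-to-dc",
    "customer_gateway": "203.0.113.10",
    "reachable_routes": "10.20.0.0/16, 10.30.5.0/24",
    "psk": "Abc123xyz789",
    "ike_id": "soa-cloud-gw.example.com",
    "ike_lifetime": None,      # falls back to 28800
    "ipsec_lifetime": 7200,
}

if __name__ == "__main__":
    cfg, errs = validate_connection(SAMPLE)
    print(errs if errs else cfg)
```

Run it against your own values before creating the connection; every error it reports corresponds to a constraint stated in the field table, and the normalized routes it returns are what you should enter on the data-center gateway as well.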