1 About Setting Up VPN Using a Third-Party VPN Device

You can set up VPN access to Compute Classic instances by using Corente Services Gateway in Oracle Cloud and a certified third-party VPN device in your data center.

Note:

The following other VPN solutions are available for instances in multitenant sites:

VPN access through a third-party gateway or Corente Services Gateway in your data center to instances attached to the Oracle-provided shared network. See the following documentation:

Understanding the Architecture and Key Components of the Solution


Solution overview

  • Corente Services Gateway: Corente Services Gateway is installed on a Compute Classic instance running on Oracle Cloud. It acts as a proxy that facilitates secure access and data transfer in the VPN solution.

    Your Compute Classic account can contain multiple sites. You must set up Corente Services Gateway on each site.

    After setting up the Corente Services Gateway, manually set up and configure a Generic Routing Encapsulation (GRE) tunnel from your Compute Classic instances (virtual machines) to the Corente Services Gateway running on another Compute Classic instance.

    On each site, create a GRE tunnel between Compute Classic instances and the Corente Services Gateway on the same site.

  • App Net Manager Service Portal: App Net Manager is a secure web portal that you use to create, configure, modify, delete, and monitor the components of your Corente-powered network. You can also use the Compute Classic web console to manage the components of your Corente-powered network.

  • Your own third-party VPN solution: Any third-party VPN solution that allows interoperability with Corente Services Gateway.

Certified Third-Party VPN Device Configurations

The following table lists the third-party VPN device configurations that are supported in the Corente 9.4 release.

| Certified Configurations | Devices |
|---|---|
| Encryption AES256; Hash SHA-256; DH phase 1 group 14; no Perfect Forward Secrecy (PFS), so no Diffie-Hellman (DH) phase 2 group | Cisco 2921, Cisco ISR 4331, Checkpoint 3200, Palo Alto 3020, FortiGate-200D |
| Encryption AES256; Hash SHA-256; DH phase 1 group 14; DH phase 2 group 14 | Cisco 2921, Cisco ISR 4331, Checkpoint 3200, Palo Alto 3020, FortiGate-200D |
| Encryption AES128; Hash SHA-256; DH phase 1 group 14; no PFS | Cisco 2921, Cisco ISR 4331, Checkpoint 3200, Palo Alto 3020, FortiGate-200D |
| Encryption AES192; Hash SHA-1; DH phase 1 group 2; DH phase 2 group 2 | Cisco ASA5505 |
| Encryption AES256; Hash SHA-1; DH phase 1 group 5; no PFS | Cisco ISR 4331, Checkpoint 3200, Palo Alto 3020, FortiGate-200D |

Note:

Other devices may work if they are configured with the certified configurations.

The Corente Services Gateway uses IPSec and is behind a NAT, so network address translator traversal (NAT-T) is required. Ensure that the third-party device in your data center supports NAT-T.
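The following added example (not Oracle code) transcribes the certified configurations table above and checks a planned proposal for a given device, then ranks the certified options for that device. The weakness rules (SHA-1, MODP groups below 2048 bits, no PFS) and the names `Proposal`, `review`, and `best_for` are this example's assumptions, not Oracle guidance.

```python
from typing import NamedTuple, Optional

class Proposal(NamedTuple):
    enc: str            # "AES128" | "AES192" | "AES256"
    hash_alg: str       # "SHA-1" | "SHA-256"
    dh1: int            # DH group for phase 1
    dh2: Optional[int]  # DH group for phase 2; None means no PFS

ALL5 = frozenset({"Cisco 2921", "Cisco ISR 4331", "Checkpoint 3200",
                  "Palo Alto 3020", "FortiGate-200D"})

# Transcribed from the certified configurations table (Corente 9.4).
CERTIFIED = {
    Proposal("AES256", "SHA-256", 14, None): ALL5,
    Proposal("AES256", "SHA-256", 14, 14): ALL5,
    Proposal("AES128", "SHA-256", 14, None): ALL5,
    Proposal("AES192", "SHA-1", 2, 2): frozenset({"Cisco ASA5505"}),
    Proposal("AES256", "SHA-1", 5, None): ALL5 - {"Cisco 2921"},
}

# MODP modulus sizes for the groups in the table (RFC 2409, RFC 3526).
MODP_BITS = {2: 1024, 5: 1536, 14: 2048}

def weaknesses(p: Proposal) -> list:
    """Assumed grading rules: flag SHA-1, sub-2048-bit DH groups, no PFS."""
    found = []
    if p.hash_alg == "SHA-1":
        found.append("SHA-1 integrity")
    for phase, group in ((1, p.dh1), (2, p.dh2)):
        bits = MODP_BITS.get(group)  # groups not in the table are not graded
        if bits is not None and bits < 2048:
            found.append(f"phase {phase} DH group {group} ({bits}-bit)")
    if p.dh2 is None:
        found.append("no PFS")
    return found

def review(device: str, p: Proposal):
    """Return (is this exact proposal certified for the device?, weaknesses)."""
    return device in CERTIFIED.get(p, frozenset()), weaknesses(p)

def best_for(device: str) -> list:
    """Certified proposals for a device: fewest weaknesses, then larger key."""
    cands = [p for p, devs in CERTIFIED.items() if device in devs]
    return sorted(cands, key=lambda p: (len(weaknesses(p)), -int(p.enc[3:])))

if __name__ == "__main__":
    for dev in ("Cisco ISR 4331", "Cisco ASA5505"):
        top = best_for(dev)[0]
        print(dev, "->", top, weaknesses(top) or "no flagged weaknesses")
```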

Workflow for Setting Up VPN Using a Third-Party VPN Device

| Task | Component in the Architectural Diagram | For More Information |
|---|---|---|
| Create and configure your account on Oracle Cloud. | It’s a prerequisite. | See Getting an Oracle.com Account in Getting Started with Oracle Cloud. |
| Obtain a trial or paid subscription to Compute Classic. After you subscribe to Compute Classic, you will get your Corente credentials through email after you receive the Compute Classic welcome email. Note down the Corente account credentials that you received by email. | It’s a prerequisite. | See How to Begin with Compute Classic Subscriptions in Using Oracle Cloud Infrastructure Compute Classic. |
| Set up Corente Services Gateway (cloud gateway) on Oracle Cloud. | Corente Services Gateway running on a Compute Classic instance, as shown in the architecture diagram. | See Creating a Cloud Gateway. |
| Add a third-party device and establish partnership between your third-party VPN device and the cloud gateway. | This is the dashed line between the third-party VPN device and the cloud gateway, as shown in the architecture diagram. | See Registering a Third-Party VPN Device. See Connecting the Cloud Gateway with the Third-Party Device. |
| Configure a GRE tunnel on your Oracle Compute, Database, and Java Cloud Service instances. | GRE tunnel from Compute Classic instances 1, 2, and 3, as shown in the architecture diagram. | |