Setting up an IPsec VPN from a Cisco router to Google Cloud.
Setting up the Google Cloud end
From Hybrid connectivity select VPN, then click Create VPN connection.
Select Classic VPN
Give the VPN a name, select the Network and Region for the gateway.
Select an External IP for the gateway or create a new one.
Enter the public IP of the Cisco router as the remote peer, then enter a pre-shared key or let the console generate one. A generated key is the better choice; the same key is configured on the router below, so note it now.
Select Route-based and enter the on-premises subnets behind the Cisco router as the remote network IP ranges.
Click Done, and the VPN gateway and tunnel will be created.
Configuring the Cisco router
ESP (IP protocol 50) and UDP port 500 need to be allowed through any firewall in front of the router. If the router sits behind NAT, UDP port 4500 (NAT-T) is needed as well.
Configure the IKEv2 tunnel
Create an IKEv2 keyring and add the pre-shared key. The address is the external IP chosen for the Google Cloud gateway, and the key is the one entered or generated in the console.
crypto ikev2 keyring GCP
 peer GCP
  address 34.91.104.31
  pre-shared-key FSyf6mxuxafo0Vd5D0n4a9TC53aD6PuA
Create an IKEv2 proposal and set the encryption algorithm, the integrity algorithm and the DH group.
crypto ikev2 proposal GCP
 encryption aes-cbc-256
 integrity sha256
 group 14
Create an IKEv2 Policy and add the proposal.
crypto ikev2 policy GCP
 proposal GCP
Create an IKEv2 profile. It matches the gateway's address as the remote identity and uses pre-shared-key authentication in both directions with the keyring created above.
crypto ikev2 profile GCP
 match identity remote address 34.91.104.31 255.255.255.255
 authentication remote pre-share
 authentication local pre-share
 keyring local GCP
Configure IPsec
Create an IPsec transform-set.
crypto ipsec transform-set GCP esp-aes 256 esp-sha256-hmac
 mode tunnel
Create an IPsec profile.
crypto ipsec profile GCP
 set transform-set GCP
 set pfs group14
 set ikev2-profile GCP
Configure a virtual tunnel interface
The tunnel interface needs an IP address. Google Cloud never sees it, so any address not otherwise in use will do; a /32 from private space, as below, is the usual choice. The tunnel destination is the Google Cloud gateway IP and the tunnel source is the router's own public IP.
interface Tunnel1
 description VPN_TO_GCP
 ! any unused address; Google Cloud does not see it
 ip address 172.31.255.250 255.255.255.255
 ip mtu 1440
 ip tcp adjust-mss 1380
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile GCP
 tunnel destination 34.91.104.31
 ! the router's public IP
 tunnel source x.x.x.x
Add static routes
Add a static route for each Google Cloud subnet that should be reachable through the tunnel, pointing at the tunnel interface. The reverse direction is covered on the Google Cloud side by the remote network IP ranges entered for the route-based tunnel.
ip route 10.164.0.0 255.255.240.0 Tunnel1
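Most tunnels that fail to come up do so because a value differs between the two ends or a name does not match between the IOS blocks above. The following Python script, an added example and not code from the original page, parses the router configuration from this section and checks it against the values entered in the Google Cloud console steps earlier (the gateway address, the pre-shared key and the VPC subnet that should be routed). The IOS snippet embedded in it is the page's configuration reflowed, with lines the check does not examine left out; the 32-character PSK minimum, the group-14 floor and the weak-algorithm list are local policy assumptions rather than Google Cloud requirements, and 203.0.113.10 is a placeholder for the router's public IP.

```python
"""Cross-check a Cisco IOS IKEv2/IPsec VTI config against the Google Cloud side (added example)."""
import ipaddress
import re

MIN_PSK_LEN, MIN_DH_GROUP = 32, 14   # local policy assumptions, not Google Cloud requirements

# Constructed: the values entered in the console (gateway IP, PSK and VPC subnet are the page's).
GCP_SIDE = {"gateway_ip": "34.91.104.31", "psk": "FSyf6mxuxafo0Vd5D0n4a9TC53aD6PuA",
            "vpc_subnets": ["10.164.0.0/20"]}

# The page's router config in IOS block form (unchecked lines omitted; 203.0.113.10 = placeholder public IP).
IOS_CONFIG = """\
crypto ikev2 keyring GCP
 peer GCP
  address 34.91.104.31
  pre-shared-key FSyf6mxuxafo0Vd5D0n4a9TC53aD6PuA
crypto ikev2 proposal GCP
 encryption aes-cbc-256
 integrity sha256
 group 14
crypto ikev2 policy GCP
 proposal GCP
crypto ikev2 profile GCP
 match identity remote address 34.91.104.31 255.255.255.255
 keyring local GCP
crypto ipsec transform-set GCP esp-aes 256 esp-sha256-hmac
crypto ipsec profile GCP
 set transform-set GCP
 set pfs group14
 set ikev2-profile GCP
interface Tunnel1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile GCP
 tunnel destination 34.91.104.31
 tunnel source 203.0.113.10
ip route 10.164.0.0 255.255.240.0 Tunnel1
"""


def parse_ios(text):
    """Map each top-level IOS command to its indented sub-commands (nesting flattened)."""
    blocks, current = {}, None
    for raw in (ln for ln in text.splitlines() if ln.strip() and not ln.lstrip().startswith("!")):
        if not raw.startswith(" "):
            current = blocks.setdefault(raw.strip(), [])
        else:
            current.append(raw.strip())
    return blocks


def check(config_text, gcp):
    """Return a list of problems; an empty list means the router side matches the GCP side."""
    blocks, problems = parse_ios(config_text), []

    def block(prefix):  # (header, sub-commands) of the one block whose header starts with prefix
        hits = [(h, b) for h, b in blocks.items() if h.startswith(prefix)]
        return hits[0] if len(hits) == 1 else (None, [])

    def sub(prefix, key):  # argument of sub-command `key` inside that block, or None
        return next((ln[len(key):].strip() for ln in block(prefix)[1] if ln.startswith(key + " ")), None)

    # 1. The peer IP appears in three places; all must be the GCP gateway address.
    for label, value in (
            ("keyring peer address", sub("crypto ikev2 keyring ", "address")),
            ("profile match identity", (sub("crypto ikev2 profile ", "match identity remote address") or "?").split()[0]),
            ("tunnel destination", sub("interface Tunnel", "tunnel destination"))):
        if value != gcp["gateway_ip"]:
            problems.append(f"{label} is {value!r}, expected GCP gateway {gcp['gateway_ip']}")
    # 2. The PSK must be exactly the one entered in the console, and not short.
    psk = sub("crypto ikev2 keyring ", "pre-shared-key")
    if psk != gcp["psk"]:
        problems.append("pre-shared key differs from the key entered on the GCP side")
    if len(psk or "") < MIN_PSK_LEN:
        problems.append(f"pre-shared key shorter than {MIN_PSK_LEN} characters")
    # 3. Reference chain (policy->proposal, profile->keyring, ipsec profile->transform-set/ikev2 profile,
    #    tunnel->ipsec profile).  A typo in any of these names leaves the tunnel down.
    for owner, key, target in (
            ("crypto ikev2 policy ", "proposal", "crypto ikev2 proposal"),
            ("crypto ikev2 profile ", "keyring local", "crypto ikev2 keyring"),
            ("crypto ipsec profile ", "set transform-set", "crypto ipsec transform-set"),
            ("crypto ipsec profile ", "set ikev2-profile", "crypto ikev2 profile"),
            ("interface Tunnel", "tunnel protection ipsec profile", "crypto ipsec profile")):
        name = sub(owner, key)
        if name is None or block(f"{target} {name}")[0] is None:
            problems.append(f"'{key} {name}' does not name an existing '{target}'")
    # 4. Algorithm policy (local assumption): no DES/3DES/MD5/SHA-1, DH and PFS >= group 14.
    algs = " ".join(filter(None, [sub("crypto ikev2 proposal ", "encryption"),
                                  sub("crypto ikev2 proposal ", "integrity"),
                                  block("crypto ipsec transform-set")[0]])).lower()
    for weak in ("des", "3des", "md5", "sha1", "sha-hmac"):
        if re.search(rf"(^|[\s-]){re.escape(weak)}($|[\s-])", algs):
            problems.append(f"weak algorithm {weak!r} in use")
    for label, value in (("IKEv2 DH group", sub("crypto ikev2 proposal ", "group") or ""),
                         ("PFS group", (sub("crypto ipsec profile ", "set pfs") or "").replace("group", ""))):
        if not value.isdigit() or int(value) < MIN_DH_GROUP:
            problems.append(f"{label} {value!r} is below group {MIN_DH_GROUP}")
    # 5. Route-based VTI: every GCP subnet needs a static route pointing at the tunnel interface.
    tun_name = (block("interface Tunnel")[0] or "interface ?").split()[1]
    routed = [ipaddress.ip_network(f"{m[1]}/{m[2]}") for m in
              (re.match(r"ip route (\S+) (\S+) (\S+)", h) for h in blocks) if m and m[3] == tun_name]
    for subnet in gcp["vpc_subnets"]:
        if not any(ipaddress.ip_network(subnet).subnet_of(r) for r in routed):
            problems.append(f"no static route for GCP subnet {subnet} via {tun_name}")
    return problems
```

Running `check(IOS_CONFIG, GCP_SIDE)` on the configuration above returns an empty list; changing any one of the gateway addresses, the key, a referenced name, the DH group or the static route produces a message naming the line to fix. On the router itself, `show crypto ikev2 sa` and `show crypto ipsec sa` then confirm that the IKE SA is established and that ESP packets are being encrypted and decrypted over Tunnel1.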