LAB: Creation of a Cloud HA VPN Connection

Posted on Jun 12, 2023

Tasks:

  • Creating On-Premise Environment.
  • Creating Infrastructure for Cloud Environment.
  • Creating HA VPN and Configuring BGP Session.
  • Validating the Connection.


Task 1: Configure On-Premises VPC

Since we don't have on-premises connectivity, we will create two VPCs: one that we will treat as the on-premises network and another that is the cloud VPC.

Click on the Cloud Shell icon in the top right corner

Copy and paste the command below to create a VPC named dclessons-onprem-vpc with custom subnet creation mode.

gcloud compute networks create dclessons-onprem-vpc --subnet-mode=custom --mtu=1460 --bgp-routing-mode=regional

Use the below command to add a subnet with name dclessons-onprem-sub with range to the VPC dclessons-onprem-vpc.

gcloud compute networks subnets create dclessons-onprem-sub --range= --stack-type=IPV4_ONLY --network=dclessons-onprem-vpc --region=us-central1

We will be sending traffic to this VPC in later steps, and incoming requests to a VPC are blocked by default, so we create a firewall rule to allow the traffic.

gcloud compute firewall-rules create allow-all --direction=INGRESS --priority=1000 --network=dclessons-onprem-vpc --action=ALLOW --rules=all --source-ranges=
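The rule above allows every protocol and port, so it is worth auditing what a project's ingress rules actually permit before reusing the lab setup anywhere else. The following is an added example, not part of the original lab: it checks JSON in the shape of `gcloud compute firewall-rules list --format=json`, and the sample rules, the project name example-project and all source ranges are constructed assumptions, since the lab's own range is not shown on the page.

```python
import ipaddress
import json

# Constructed sample (not real lab output); source ranges are assumptions.
SAMPLE = json.loads("""
[
  {"name": "allow-all", "direction": "INGRESS", "priority": 1000,
   "network": "projects/example-project/global/networks/dclessons-onprem-vpc",
   "allowed": [{"IPProtocol": "all"}], "sourceRanges": ["0.0.0.0/0"]},
  {"name": "allow-cloud-subnet", "direction": "INGRESS", "priority": 1000,
   "network": "projects/example-project/global/networks/dclessons-onprem-vpc",
   "allowed": [{"IPProtocol": "all"}], "sourceRanges": ["192.168.10.0/24"]},
  {"name": "dclessons-vpc-allow-ssh", "direction": "INGRESS", "priority": 65534,
   "network": "projects/example-project/global/networks/dclessons-cloud-vpc",
   "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}],
   "sourceRanges": ["0.0.0.0/0"]}
]
""")


def audit_ingress(rules, max_hosts=2**16):
    """Return {rule name: [findings]} for enabled INGRESS allow rules."""
    findings = {}
    for rule in rules:
        if rule.get("direction") != "INGRESS" or rule.get("disabled"):
            continue
        issues = []
        allowed = rule.get("allowed", [])
        if any(a.get("IPProtocol") == "all" for a in allowed):
            issues.append("all-protocols")
        elif any(a.get("IPProtocol") in ("tcp", "udp") and not a.get("ports")
                 for a in allowed):
            issues.append("all-ports")
        for cidr in rule.get("sourceRanges", []):
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen == 0:
                issues.append("open-to-internet")   # any source address
            elif net.num_addresses > max_hosts:
                issues.append(f"wide-source:{cidr}")  # larger than a /16
        if issues:
            findings[rule["name"]] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit_ingress(SAMPLE).items():
        print(f"{name}: {', '.join(issues)}")
```
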

Use the command below to create a Compute Engine instance named dclessons-onprem-instance, with machine type n1-standard-1, in zone us-central1-a.

gcloud compute instances create dclessons-onprem-instance --zone=us-central1-a --machine-type=n1-standard-1 --network-interface=subnet=dclessons-onprem-sub,no-address --provisioning-model=STANDARD --no-service-account --no-scopes --create-disk=auto-delete=yes,boot=yes,device-name=dclessons-onprem-instance,image=projects/debian-cloud/global/images/debian-11-bullseye-v20220719,mode=rw,size=10

Task 2: Configure Cloud VPC

Under VPC Network | Click on Create VPC Network

Under Create a VPC Network | Name: dclessons-cloud-vpc | Subnets: custom | New Subnet: Name: dclessons-cloud-subnet | Region: us-central1

IP Stack Type: IPV4, | IPv4 range: | Private Google Access: ON | Click Done

Scroll down, Under Firewall Rules check the dclessons-vpc-allow-ssh firewall rule.

Under Dynamic Routing Mode: Regional | Click Create

Click on Routes in the left panel and observe that all of them start with the keyword default.

Task 3: Creating Cloud VPC Compute Instance

Under Compute Engine | VM Instance: Create Instance

Under Create Instance | Name: dclessons-cloud-vpc-instance-1 | Region: us-central1 (Iowa), Zone: us-central1-a | Machine Configuration: Series: N1, Machine Type: n1-standard-1

Under Identity & API Access | Service Account: Select your Account

Under Advanced Options | Networking: Network Interfaces: Edit Network Interfaces: Network: dclessons-cloud-vpc | Subnetwork: select dclessons-cloud-subnet-IPV4 (

IP stack Type: IPv4, | Click Done | Create

Once done, we can see that both instances are up and running. SSH to dclessons-cloud-vpc-instance-1.

Enter the below command and press Enter

gcloud auth login --no-launch-browser -q

You will receive the output below. Copy the URL mentioned in the output.

In the browser, copy the code as shown.

Enter the code under the "Enter the authorization code" section:

Enter the below command to have admin access to the VM: ping | And there is no communication established.

Task 4: Configure HA VPN gateway ( On-Premises to Cloud )

Click on the Cloud Shell icon in the top right corner as shown below. Copy and paste the command below to create a Cloud Router named dclessons-onprem-router with ASN (Autonomous System Number) 64515.

gcloud compute routers create dclessons-onprem-router --network=dclessons-onprem-vpc --asn=64515 --keepalive-interval=25 --region=us-central1
