This article provides a general guide for establishing functional IPSec VPN connections to endpoints outside of mCloud. Please note that specific endpoints, such as routers or other cloud providers, may have additional requirements or unique configurations not covered in this guide.

Prerequisites:

This article assumes the following is already configured and functional within your mCloud Dashboard:

• mCloud project

• mCloud internal subnet

• mCloud router

• Remote endpoint capable of IPSec tunnels

Method:

1. Log into mCloud at https://mcloud.micron21.com/

2. Go to Project > Network > VPN

   1. 

3. Click on "+Add IKE Policy"

   1. 

4. Fill out the desired settings and click Add

   1. This policy can roughly be described as "Phase 1" on other network devices. Keep this in mind when setting up IPSec connections, any mismatch in these settings between endpoints will cause errors.

   2. 

5. Click on the "IPsec Policies" tab and click "+Add IPsec Policy".

   1. 

6. Fill out the desired settings and click Add

   1. This policy is roughly equivalent to "Phase 2" on other network devices.

   2. 

7. Click on the "VPN Services" tab

8. Click on "+Add VPN Service"

   1. 

9. Enter a name, and select a router. Don't select a subnet at this time, then Click Add

   1. 

10. Click on the "Endpoint Groups" Tab. We’ll need to add two endpoint groups here, for internal and remote.

    1. Click "+Add Endpoint Group" and add a local subnet for our internal network

       1. 

    2. Click "+Add Endpoint Group" and add an external subnet for our remote network

       1. 

11. Click on the "IPsec Site Connections" tab and click "+Add IPsec Site Connection".

12. Enter the required details for the configuration we have done to this point, the remote peer details, and a pre-shared key.

    1. 

13. Configure the remote site VPN, matching the settings added above, and confirm both sides are connected. From here you can test traversing the firewall between sites.