Private Cloud Networking Setup

IMPORTANT: Because of the highly customizable nature of on-premises private clouds, this guide is not precise but aims to provide general guidelines instead.

If you need to establish one-time or temporary access to your MacStadium cloud from a single virtual or physical machine, you can connect via VPN using Cisco AnyConnect. For more information, see Connecting to Your Cloud (via VPN).

If you need to connect an entire private cloud to your MacStadium cloud through a stable, persistent connection, you need to establish an IPsec site-to-site VPN between the two clouds.

To create a stable IPsec site-to-site VPN between your two clouds, you need to:

  1. Check the software version and model of the Cisco ASA/ASAv device of your MacStadium cloud.
  2. Configure your private cloud to connect to your MacStadium cloud. You might need to configure one or more of the following:
    • Provide the public endpoint of your MacStadium cloud. Usually, this is the public network IP listed for the FW1-Outside network in Appendix B of the IP Plan.
    • Enable policy-based routing between your private cloud and the internal private network of your MacStadium cloud (by default, the Private-1 network). Usually, this is the private network host and range listed in Appendix A of the IP Plan.
    • Enable inbound traffic to your private cloud.
  3. Set up the Cisco ASA/ASAv device of your MacStadium cloud. You might need to configure one or more of the following rules:
    • A nat exemption rule for traffic between the two clouds. It might need to allow traffic from the private cloud to the private network and the outside interface of your MacStadium cloud. By default, these are respectively the Private-1 and Outside networks listed in Appendix A of the IP Plan.
    • access-list rules permitting traffic from the private cloud to the public endpoint of your MacStadium cloud. By default, this is the FW1-Outside network listed in Appendix B of the IP Plan.
    • A crypto map rule that maps traffic between the two clouds. Usually, you would need to map to the outside interface of your MacStadium cloud. By default, this is the Outside network listed in Appendix A of the IP Plan.
    • IPsec and IKE policies.
    • tunnel-group rules that point to the private cloud that you want to connect to your MacStadium cloud.

You need to prepare these settings based on your Cisco ASA/ASAv software and model. For more information about how to configure each aspect of your Cisco firewall, see Cisco Documentation: Configuration Guides.
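The following sketch shows how the rules from step 3 fit together on an ASA 9.x device using IKEv2 with a pre-shared key. It is an added example, not a MacStadium-supplied configuration. Assumptions: the interface names match the Outside and Private-1 network names, the object, ACL, proposal and crypto map names are hypothetical, and all addresses are constructed placeholders to be replaced with the values from your IP Plan.

```cisco
! Constructed placeholder networks: replace with the Appendix A range of
! Private-1 and the internal range of your private cloud.
object network MS-PRIVATE-1
 subnet 10.254.20.0 255.255.255.0
object network REMOTE-CLOUD
 subnet 192.168.50.0 255.255.255.0
!
! Traffic selector for the tunnel, referenced by the crypto map below.
! Keep it as narrow as the workloads allow instead of permitting "any".
access-list VPN-REMOTE-CLOUD extended permit ip object MS-PRIVATE-1 object REMOTE-CLOUD
!
! nat exemption: inter-cloud traffic must leave untranslated, otherwise it
! no longer matches the selector and bypasses the tunnel.
nat (Private-1,Outside) source static MS-PRIVATE-1 MS-PRIVATE-1 destination static REMOTE-CLOUD REMOTE-CLOUD no-proxy-arp route-lookup
!
! IKE policy and IPsec proposal: the private cloud side must offer the same set.
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 14
 prf sha256
 lifetime seconds 86400
crypto ikev2 enable Outside
crypto ipsec ikev2 ipsec-proposal AES256-SHA256
 protocol esp encryption aes-256
 protocol esp integrity sha-256
!
! Crypto map entry bound to the outside interface. An interface holds only one
! crypto map: if "show running-config crypto map" already lists one on Outside,
! add a new sequence number to that map instead of binding a second map.
! 203.0.113.10 is a constructed placeholder for the private cloud's public peer.
crypto map OUTSIDE-MAP 10 match address VPN-REMOTE-CLOUD
crypto map OUTSIDE-MAP 10 set peer 203.0.113.10
crypto map OUTSIDE-MAP 10 set ikev2 ipsec-proposal AES256-SHA256
crypto map OUTSIDE-MAP 10 set pfs group14
crypto map OUTSIDE-MAP interface Outside
!
! tunnel-group named after the peer address; use a long random key per peer.
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 ikev2 remote-authentication pre-shared-key <PRE-SHARED-KEY>
 ikev2 local-authentication pre-shared-key <PRE-SHARED-KEY>
```

The private cloud side needs the mirror image of the traffic selector and the same IKE and IPsec parameters, with the FW1-Outside address from Appendix B as its peer.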
