Private Cloud Networking Setup
IMPORTANT: Because of the highly customizable nature of on-premises private clouds, this guide is not precise but aims to provide general guidelines instead.
If you need to establish one-time or temporary access to your MacStadium cloud from a single virtual or physical machine, you can connect via VPN using Cisco AnyConnect. For more information, see Connecting to Your Cloud (via VPN).
If you need to connect an entire private cloud to your MacStadium cloud through a stable, persistent connection, you need to establish an IPsec site-to-site VPN between the two clouds.
To create a stable IPsec site-to-site VPN between your two clouds, you need to:
- Check the software version and model of the Cisco ASA/ASAv device of your MacStadium cloud.
- Configure your private cloud to connect to your MacStadium cloud. You might need to configure one or more of the following:
  - Provide the public endpoint of your MacStadium cloud. Usually, this is the public network IP listed for the FW1-Outside network in Appendix B of the IP Plan.
  - Enable policy-based routing between your private cloud and the internal private network of your MacStadium cloud (by default, the Private-1 network). Usually, this is the private network host and range listed in Appendix A of the IP Plan.
  - Enable inbound traffic to your private cloud.
- Set up the Cisco ASA/ASAv device of your MacStadium cloud. You might need to configure one or more of the following rules:
  - A nat exemption rule for traffic between the two clouds. It might need to allow traffic from the private cloud to the private network and the outside interface of your MacStadium cloud. By default, these are respectively the Private-1 and Outside networks listed in Appendix A of the IP Plan.
  - access-list rules permitting traffic from the private cloud to the public endpoint of your MacStadium cloud. By default, this is the FW1-Outside network listed in Appendix B of the IP Plan.
  - A crypto map rule that maps traffic between the two clouds. Usually, you would need to map to the outside interface of your MacStadium cloud. By default, this is the Outside network listed in Appendix A of the IP Plan.
  - IPsec and IKE policies.
  - tunnel-group rules that point to the private cloud you want to connect to your MacStadium cloud.
You need to prepare these settings based on your Cisco ASA/ASAv software and model. For more information about how to configure each aspect of your Cisco firewall, see Cisco Documentation: Configuration Guides.
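To show how the ASA-side items listed above fit together, here is an added example of an IKEv2 site-to-site configuration. It is not MacStadium's or Cisco's own configuration, and the exact syntax depends on your ASA software version. Assumptions: the interface names match the Private-1 and Outside networks of the IP Plan, all addresses and object names are constructed placeholders, and the algorithms shown are ones both peers support.

```cisco
! Constructed values: 10.254.20.0/24 = Private-1 range (take yours from Appendix A),
! 192.168.50.0/24 = private cloud range, 203.0.113.10 = private cloud VPN endpoint.
object network MS-PRIVATE-1
 subnet 10.254.20.0 255.255.255.0
object network ONPREM-CLOUD
 subnet 192.168.50.0 255.255.255.0
!
! Traffic to protect. The peer must define the mirror image of this ACL.
access-list S2S-ONPREM extended permit ip object MS-PRIVATE-1 object ONPREM-CLOUD
!
! NAT exemption: keep original addresses for traffic between the two clouds.
nat (Private-1,Outside) source static MS-PRIVATE-1 MS-PRIVATE-1 destination static ONPREM-CLOUD ONPREM-CLOUD no-proxy-arp route-lookup
!
! IKE policy. Every parameter must match a policy on the peer.
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 19
 prf sha256
 lifetime seconds 86400
crypto ikev2 enable Outside
!
! IPsec proposal for the tunnel itself.
crypto ipsec ikev2 ipsec-proposal S2S-AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-256
!
! Crypto map. An interface holds only one crypto map: if one is already
! applied to Outside, add a new sequence number to it instead of a new map.
crypto map OUTSIDE-MAP 10 match address S2S-ONPREM
crypto map OUTSIDE-MAP 10 set peer 203.0.113.10
crypto map OUTSIDE-MAP 10 set ikev2 ipsec-proposal S2S-AES256
crypto map OUTSIDE-MAP 10 set pfs group19
crypto map OUTSIDE-MAP interface Outside
!
! Tunnel group named after the peer address. Use a long random key and
! keep it out of tickets and shared documents.
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 ikev2 remote-authentication pre-shared-key <PRE-SHARED-KEY>
 ikev2 local-authentication pre-shared-key <PRE-SHARED-KEY>
```

After traffic has been sent between the two ranges, `show crypto ikev2 sa` and `show crypto ipsec sa` confirm that the tunnel is up and that the encrypt and decrypt counters are increasing.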
Updated almost 5 years ago