> ## Documentation Index
> Fetch the complete documentation index at: https://docs.macstadium.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Verify your GCP-to-MacStadium VPN connection

> Verify a GCP-MacStadium VPN using the Cisco ASDM-IDM CLI. Checks ISAKMP security associations to confirm the tunnel is active after configuration.

After you have completed both the Google Cloud Platform (GCP) and the MacStadium sides of the configuration, you might want to verify that the tunnel is working as expected.

1. Verify that you are connected via VPN to your MacStadium private cloud.
   * For more information about how to connect to the VPN, see [Connecting to Your Cloud via VPN](/remote-desktop-vdi/cloud-access-legacy/connect-to-your-cloud-via-vpn).
2. Run Cisco ASDM-IDM and log in.
   * For more information about how to log in to your firewall, see [Logging into Cisco Firewall](/iaas/cisco-firewalls/logging-into-cisco-firewall).
3. In the Cisco ASDM-IDM application toolbar, select **Tools > Command Line Interface**.\\
   <img src="https://mintcdn.com/macstadiuminc/9E4UGn8KwDOik0d3/images/attachments/28298743710747.png?fit=max&auto=format&n=9E4UGn8KwDOik0d3&q=85&s=418c952e121e6e84108d55511a61c702" alt="Cisco ASDM-IDM Tools menu with Command Line Interface option" width="1180" height="880" data-path="images/attachments/28298743710747.png" />
4. Select Single Line, enter the following command, and click **Send**.

```
show crypto isakmp sa
```

If the site-to-site VPN connection is configured properly, you should see information about an active IKEv1.

For more information about this verification command, see [Cisco Documentation: show crypto isakmp sa](https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html#isakmp_sa).

## Verify that there is an IPsec security association between peers

1. Verify that you are connected via VPN to your MacStadium private cloud.
   * For more information about how to connect to the VPN, see [Connecting to Your Cloud via VPN](/remote-desktop-vdi/cloud-access-legacy/connect-to-your-cloud-via-vpn).
2. Run Cisco ASDM-IDM and log in.
   * For more information about how to log in to your firewall, see [Logging into Cisco Firewall](/iaas/cisco-firewalls/logging-into-cisco-firewall).
3. In the Cisco ASDM-IDM application toolbar, select Tools > Command Line Interface\\
   <img src="https://mintcdn.com/macstadiuminc/9E4UGn8KwDOik0d3/images/attachments/28298743712283.png?fit=max&auto=format&n=9E4UGn8KwDOik0d3&q=85&s=79b84193b6ee51e75be51b6bbf0a20b3" alt="Cisco ASDM-IDM Tools menu with Command Line Interface option" width="1180" height="880" data-path="images/attachments/28298743712283.png" />
4. Select Single Line, enter the following command, and click Send.

```
show crypto ipsec sa
```

If the site-to-site VPN connection is configured properly, you should see a detailed log.

For more information about this verification command, see [Cisco Documentation: show crypto ipsec sa](https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html#ipsec_sa).

## Verify that the tunnel is connected

1. Log in to your GCP console.
2. From the GCP console sidebar, scroll to the Networking section and select **Hybrid Connectivity > VPN**.\\
   <img src="https://mintcdn.com/macstadiuminc/9E4UGn8KwDOik0d3/images/attachments/28298738704027.png?fit=max&auto=format&n=9E4UGn8KwDOik0d3&q=85&s=c480c1525462a67771902181df80eb84" alt="GCP Hybrid Connectivity VPN navigation in sidebar" width="2486" height="1172" data-path="images/attachments/28298738704027.png" />
3. On the Cloud VPN Tunnels tab, locate the tunnel to MacStadium and check the value for VPN tunnel status. When your tunnel is properly connected, the status is: Established.\\
   <img src="https://mintcdn.com/macstadiuminc/9E4UGn8KwDOik0d3/images/attachments/28298743716635.png?fit=max&auto=format&n=9E4UGn8KwDOik0d3&q=85&s=681d5317a3d9023e3d3923f128e3f8e9" alt="GCP Cloud VPN Tunnels tab showing tunnel status as Established" width="2854" height="576" data-path="images/attachments/28298743716635.png" />

## Test traffic and visibility through the tunnel

1. Verify that you have created a virtual machine in MacStadium.
2. Verify that you have created a virtual machine instance in GCP and that you have enabled user login on it.
   * For more information about user login on GCP instances, see [Google Cloud Documentation: Setting up and configuring OS Login](https://cloud.google.com/compute/docs/instances/managing-instance-access).
3. In the terminal on your MacStadium VM, run the following command.
   * Replace `<user>` with the username for your GCP instance.
   * Replace `<gcp-vm-ip>` with the private IP of the GCP instance.

```
       ssh <user>@<gcp-vm-ip>
```

4. When prompted, provide your password or key for the specified username on the specified GCP instance.
   * If the connection is successful, the prefix of the terminal becomes `<user>`@`<gcp-vm-ip>`. This indicates that you have connected from MacStadium to GCP over the tunnel.
5. Run the following command.
   * Replace `<user>` with the username for your MacStadium VM.
   * Replace `<macstadium-vm-ip>` with the private IP of the MacStadium VM.

```
       ssh <user>@<macstadium-vm-ip>
```

6. When prompted, provide your password or key for the specified username on the specified MacStadium VM.
   * If the connection is successful, the prefix of the terminal becomes `<user>`@`<macstadium-vm-ip>`. This indicates that you have connected from GCP to MacStadium over the tunnel.

## Troubleshooting

See our [GCP Troubleshooting](/iaas/google-cloud-platform/gcp-troubleshooting) doc for some common issues with GCP-MacStadium Site-to-Site VPN Connections.