(Exception: Cisco ASA policy-based configuration, which uses a single tunnel.) Configuring all the available tunnels is a key part of the "Design for Failure" philosophy. Configure all tunnels for every IPSec connection: Oracle deploys multiple IPSec headends for all your connections to provide high availability for your mission-critical workloads.
See Encryption domains for policy-based tunnels for full details. The Oracle VPN headends use route-based tunnels, but can work with policy-based For more information, see Overview of Site-to-Site VPN Components. If your CPE is behind a NAT device, you can provide Oracle with your CPE's IKE identifier. Oracle recommends leaving NAT-T enabled when configuring Site-to-Site VPN to OCI. For a list of the required information for your particular CPE, see the links in this list: Verified CPE Devices. By default, NAT-T is enabled on all Site-to-Site VPN IPSec You also need some basic information about the inside and outside interfaces of your on-premises device (your CPE).
The following information about those components: The Oracle Console to create a VCN and an IPSec connection, which consists of multiple IPSec tunnels for redundancy. You or someone in your organization must have already used Note that the Cisco ASA policy-based configuration uses a single tunnel. If you use BGP dynamic routing with your Site-to-Site VPN, you can configure routing so that Oracle prefers one tunnel over the other. Ping tests or application traffic across the connection will not reliably work. Traffic from your VCN to your on-premises network can use any tunnel that is Even if you configure one tunnel as primary and another as backup, Asymmetric routing across the multiple tunnels that make up the IPSec connection.