This step may confuse some: although it is named Local Network Gateway, it represents the remote side (peer/endpoint).
To show the status and the throughput totals, click on the connection from within Virtual network gateways > VNETGW-POLICYVPN > Settings > Connections.
You have now successfully created a Site-to-Site VPN between the Cisco RV series router and your AWS.
For the Cisco ASR 1000 IPsec configuration, the following details will be used:
IPsec VPN using dynamic routing:
For dynamic routing, you use Cloud Router to establish BGP sessions between the two peers.
The IKEv2 keyring is associated with an IKEv2 profile and hence caters to a set of peers that match the IKEv2 profile.
During the IPsec SA negotiation, the peers agree to use a particular transform set for protecting a particular data flow.
The recommended value is 1360 when the number of IP MTU bytes is set to 1400.
Statically route traffic toward the network in Google Cloud to the Tunnel interface.
To save the running configuration and set it as the default startup, run the following command on the Cisco IOS terminal:
copy run start
Google Cloud performs ECMP by default, so no additional configuration is required apart from creating x tunnels, where x depends on your throughput requirements. You can either use a single VPN gateway to create multiple tunnels or create a separate VPN gateway for each tunnel.
Actual performance varies depending on the following factors:
The IPsec tunnel can be tested from the router by using ICMP to ping a host on Google Cloud. Be sure to use the inside interface on the ASR 1000.