As per recent industry studies, several customers open up firewalls to access their cloud platform without following proper security policies and procedures. This exposes businesses to high risks, and some companies take several years to recover from such security attacks or are unable to recover at all. Applying intrusion detection and prevention rules without having basic security in place increases your security maintenance costs.
Since 2004, Vast Edge has been assisting companies in effectively securing their businesses by following security policies and procedures using proven industry-standard tools and methods.
Vast Edge recommends using a combination of IPSec (Internet Protocol Security) and Dynamic VPN to ensure secure data transfer by encrypting all IP traffic before the packets are transferred from the source to the destination. In this discussion, we will cover how to securely connect your on-premises network with your Oracle Cloud network using IPSec.
You will need to create the following Networking components to configure IPSec. You can create the components with either the Console or the API.
The CPE (Customer Premises Equipment) Object is a virtual representation of your actual router in your on-premises network (whether hardware or software). The CPE object contains basic information about your router, such as its IP address.
A Dynamic Routing Gateway (DRG) is a virtual router at Oracle's end. It acts as the gateway into your VCN (virtual cloud network) from your on-premises network. After creating a DRG, you must attach it to your VCN and add one or more route rules that direct traffic from the VCN to the DRG. You can detach the DRG from your VCN but maintain all the remaining VPN components. You can then reattach the DRG or attach it to another VCN.
After creating the CPE object and DRG, connect them by creating an IPSec connection, which results in multiple redundant IPSec tunnels. It's best practice to configure your on-premises router to support all the tunnels in case one fails.
You can configure access control by specifying the compartment where you want each of the components to reside. Alternatively, you can put all the components in the same compartment as the VCN.
Optionally, assign a descriptive name to each component when you create it.
When creating the IPSec connection for your VPN, specify one or more static routes for the network that needs to communicate with the VCN.
You can create the components using either the Console or the API.
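The components above depend on each other: every static route on the IPSec connection needs a matching VCN route rule that targets the DRG, and the on-premises router should be configured for every redundant tunnel. The following pre-flight check is an added example, not Vast Edge or Oracle code; the plan layout, the `check_vpn_plan` name, and all identifiers and addresses are assumptions constructed for illustration.

```python
import ipaddress

def check_vpn_plan(plan):
    """Return findings for a planned IPSec VPN; an empty list means consistent."""
    findings = []
    vcn = ipaddress.ip_network(plan["vcn_cidr"])
    static_routes = [ipaddress.ip_network(r) for r in plan["static_routes"]]
    if not static_routes:
        findings.append("IPSec connection has no static routes")
    # Destinations of the VCN route rules whose target is the DRG.
    to_drg = [ipaddress.ip_network(rule["destination"])
              for rule in plan["vcn_route_rules"] if rule["target"] == plan["drg_id"]]
    for route in static_routes:
        # Assumption: an on-premises range that overlaps the VCN cannot be routed.
        if route.overlaps(vcn):
            findings.append(f"static route {route} overlaps VCN {vcn}")
        # Return traffic needs a VCN route rule that sends this range to the DRG.
        if not any(route.version == d.version and route.subnet_of(d) for d in to_drg):
            findings.append(f"no VCN route rule sends {route} to the DRG")
    # Every redundant tunnel should be configured on the on-premises router.
    for endpoint in sorted(set(plan["tunnel_endpoints"]) - set(plan["router_peers"])):
        findings.append(f"on-premises router has no tunnel to {endpoint}")
    return findings

# Constructed sample plan; all identifiers and addresses are placeholders.
SAMPLE_PLAN = {
    "vcn_cidr": "10.0.0.0/16",
    "drg_id": "drg-example",
    "static_routes": ["192.168.0.0/16", "172.16.10.0/24"],
    "vcn_route_rules": [
        {"destination": "192.168.0.0/16", "target": "drg-example"},
        {"destination": "0.0.0.0/0", "target": "igw-example"},
    ],
    "tunnel_endpoints": ["203.0.113.10", "203.0.113.20"],
    "router_peers": ["203.0.113.10"],
}

if __name__ == "__main__":
    for finding in check_vpn_plan(SAMPLE_PLAN):
        print("FINDING:", finding)
```

In the sample plan, the second static route has no rule toward the DRG and one tunnel is not configured on the router, so both are reported.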