GCP Virtual Private Network (VPN) Tunnels Lab Example
In this lab you create two networks in separate regions and establish VPN tunnels between them such that a VM in one network can ping a VM in the other network over its internal IP.
GCP VPN Lab Exercise
1. Create the networks
Create two custom-mode networks, each with an associated subnetwork, as shown below. The two subnet IP ranges must not overlap, otherwise traffic cannot be routed across the tunnel later. Please refer to How to create custom VPC networks for detailed steps.
To create networks through console: Go to VPC network -> VPC networks -> Click CREATE VPC NETWORK
2. Create Compute Engine VM instances
Create two compute engine VM instances as shown below.
To create compute engine VM instances: Go to Compute Engine -> VM instances -> Click Create
3. Create Firewall Rules
Allow ICMP and SSH into each network. Note that traffic arriving over the VPN tunnel carries the peer VM's internal IP as its source, so the ICMP rule's source range must include the other network's subnet range (or 0.0.0.0/0 for this lab). Please refer to the Create Firewall Rules section for more details.
To create firewall rules: Go to VPC network -> Firewall rules -> Click CREATE FIREWALL RULE
4. Verify network connectivity
You should be able to ping between the VM instances through their external IPs, but not through their internal IPs, because there is no route between the two networks yet.
5. Create, configure and verify VPN Gateways
Create the VPN gateways and complete the configuration required to establish the VPN tunnels: create two VPN gateways, one in each region, then create forwarding rules for ESP, UDP 500 and UDP 4500 for each VPN gateway. These are the protocols and ports IPsec needs: ESP carries the encrypted traffic, UDP 500 carries IKE, and UDP 4500 carries IKE and ESP when NAT traversal is in use.
Set up the VPN for Network 1: reserve a static IP, then create the forwarding rules. To create a VPN connection: Go to Hybrid Connectivity -> VPN -> Click Create VPN Connection
Set up the VPN for Network 2 the same way: reserve a static IP, then create forwarding rules for the VPN gateway in Network 2 like the ones you created for the VPN gateway in Network 1.
Verify the external IP addresses
The external IP addresses you reserved for each VPN gateway should now be in use by the forwarding rules you created. To verify, go to VPC network -> External IP addresses
Verify VPN Gateways
6. Create, configure and verify VPN tunnels
Create the VPN tunnel for traffic from network 1 to network 2. Use IKEv2 with a strong, randomly generated shared secret, set the remote peer IP address to the static IP reserved for the other gateway, and set the remote network IP range to the other network's subnet range.
Create the VPN tunnel for traffic from network 2 to network 1 in the same way, with the same shared secret and the roles of the two networks swapped.
Verify the VPN tunnels that are created.
Please note that it may take a couple of minutes for the VPNs to connect to their peers. Once both tunnels show the status Established, the gateways are connected and communicating.
7. Verify VPN Connectivity
Verify connectivity between the VM instances in network 1 and network 2: a ping from one VM to the internal IP of the VM in the other network should now succeed.
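The whole lab above, driven with gcloud instead of the console, as an added example that is not part of the original page. Network and subnet names, regions, zones, VM names and the 10.1.0.0/24 and 10.2.0.0/24 ranges are assumptions; change them to suit, keeping the two ranges non-overlapping. Setting DRY_RUN=1 prints each gcloud command instead of executing it, which is also a convenient way to review the plan before touching a project.

```shell
#!/bin/sh
# Added example (not from the original lab page): the Classic VPN lab end to end with gcloud.
# Assumed layout:
#   network-1 / subnet-1  us-central1   10.1.0.0/24  vm-1 in us-central1-a
#   network-2 / subnet-2  europe-west1  10.2.0.0/24  vm-2 in europe-west1-b
# DRY_RUN=1 prints each gcloud command instead of running it.
set -eu

NET1=network-1; SUB1=subnet-1; REG1=us-central1;  ZONE1=us-central1-a;  CIDR1=10.1.0.0/24
NET2=network-2; SUB2=subnet-2; REG2=europe-west1; ZONE2=europe-west1-b; CIDR2=10.2.0.0/24

run() { if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Steps 1-3 for one side: custom-mode network, subnet, VM and firewall rule.
create_side() { # network subnet region zone cidr vm
  run gcloud compute networks create "$1" --subnet-mode=custom
  run gcloud compute networks subnets create "$2" --network="$1" --region="$3" --range="$5"
  run gcloud compute instances create "$6" --zone="$4" --subnet="$2" --machine-type=e2-micro
  # 0.0.0.0/0 is what the external-IP ping in step 4 needs; in production restrict
  # SSH to your own address ranges and ICMP to the peer subnet.
  run gcloud compute firewall-rules create "$1-allow-icmp-ssh" --network="$1" \
    --allow=icmp,tcp:22 --source-ranges=0.0.0.0/0
}

# Step 5: reserved static IP, gateway, and forwarding rules for ESP, UDP 500 and UDP 4500.
gateway_ip() { # gateway region -> its reserved address (placeholder when DRY_RUN=1)
  if [ "${DRY_RUN:-0}" = "1" ]; then echo 192.0.2.1; return; fi
  gcloud compute addresses describe "$1-ip" --region="$2" --format='value(address)'
}
create_gateway() { # gateway network region
  run gcloud compute addresses create "$1-ip" --region="$3"
  ip=$(gateway_ip "$1" "$3")
  run gcloud compute target-vpn-gateways create "$1" --network="$2" --region="$3"
  run gcloud compute forwarding-rules create "$1-esp" --region="$3" --ip-protocol=ESP \
    --address="$ip" --target-vpn-gateway="$1"
  run gcloud compute forwarding-rules create "$1-udp500" --region="$3" --ip-protocol=UDP --ports=500 \
    --address="$ip" --target-vpn-gateway="$1"
  run gcloud compute forwarding-rules create "$1-udp4500" --region="$3" --ip-protocol=UDP --ports=4500 \
    --address="$ip" --target-vpn-gateway="$1"
}

# Step 6: one tunnel per direction, IKEv2, the same pre-shared key on both ends.
# The traffic selectors say which ranges may cross the tunnel; a policy-based
# Classic VPN tunnel also needs a static route sending the peer range into it.
create_tunnel() { # tunnel gateway region network local_cidr peer_ip remote_cidr
  run gcloud compute vpn-tunnels create "$1" --region="$3" --target-vpn-gateway="$2" \
    --peer-address="$6" --shared-secret="$PSK" --ike-version=2 \
    --local-traffic-selector="$5" --remote-traffic-selector="$7"
  run gcloud compute routes create "$1-route" --network="$4" --destination-range="$7" \
    --next-hop-vpn-tunnel="$1" --next-hop-vpn-tunnel-region="$3"
}

apply() {
  # Generate the PSK once; both tunnels must use it. Passed on the command line it is
  # visible in shell history and the process list, so clear history afterwards.
  PSK=${PSK:-$(openssl rand -base64 32)}
  create_side "$NET1" "$SUB1" "$REG1" "$ZONE1" "$CIDR1" vm-1
  create_side "$NET2" "$SUB2" "$REG2" "$ZONE2" "$CIDR2" vm-2
  create_gateway vpn-1 "$NET1" "$REG1"
  create_gateway vpn-2 "$NET2" "$REG2"
  ip1=$(gateway_ip vpn-1 "$REG1"); ip2=$(gateway_ip vpn-2 "$REG2")
  create_tunnel tunnel-1-to-2 vpn-1 "$REG1" "$NET1" "$CIDR1" "$ip2" "$CIDR2"
  create_tunnel tunnel-2-to-1 vpn-2 "$REG2" "$NET2" "$CIDR2" "$ip1" "$CIDR1"
}

# Step 7: both tunnels should report ESTABLISHED; then ping vm-2's internal IP from vm-1.
vm_internal_ip() { # vm zone (placeholder when DRY_RUN=1)
  if [ "${DRY_RUN:-0}" = "1" ]; then echo 10.2.0.2; return; fi
  gcloud compute instances describe "$1" --zone="$2" --format='value(networkInterfaces[0].networkIP)'
}
verify() {
  run gcloud compute vpn-tunnels describe tunnel-1-to-2 --region="$REG1" --format='value(status,detailedStatus)'
  run gcloud compute vpn-tunnels describe tunnel-2-to-1 --region="$REG2" --format='value(status,detailedStatus)'
  run gcloud compute ssh vm-1 --zone="$ZONE1" --command="ping -c 3 $(vm_internal_ip vm-2 "$ZONE2")"
}

case "${1:-}" in apply) apply ;; verify) verify ;; *) echo "usage: $0 apply|verify" ;; esac
```

Run `DRY_RUN=1 sh vpn-lab.sh apply` first to read the plan, then `sh vpn-lab.sh apply` and, after a couple of minutes, `sh vpn-lab.sh verify`. If the tunnels stay in a negotiating state, the usual causes are a mismatched shared secret, a missing forwarding rule on one side, or traffic selectors that do not mirror each other.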
That's all. You have now learnt how to set up Virtual Private Networking between two networks in separate regions.