salesforce Dreamforce On-Demand
Contact Us 1-800-596-4880
  1. Homepage
  2. CloudHub 2.0
  3. Extending Your Network to Anypoint Platform

  4. Creating VPN Connections

Creating VPN Connections

To connect your private network to an external network using a VPN, create the VPN connection on the Network tab.

If you have an existing Anypoint VPN, change the remote IP to repurpose the VPN for use with CloudHub 2.0. For more information, see the Anypoint VPN documentation.

After you create a VPN, you can’t change any of the VPN settings, except the static IP prefixes for static routing.

Before You Begin

Before creating a VPN connection, create the private network.

Create a VPN

  1. From Anypoint Platform, select Runtime Manager > Private Spaces.

  2. Click the name of the private space to manage.

  3. On the Network tab, in the Connections section, Create Connection.

  4. On the Create Connection page, select VPN, enter the name in the Connection Name field, and click Next.

    Connection names can contain up to 60 alphanumeric characters (a-z, A-Z, 0-9), spaces, and hyphens (-). Runtime Manager supports Unicode characters in connection names.

  5. On the Create VPN Connection page, enter the remote IP address (a single, static IP address) for your VPN endpoint.

  6. Select the routing type:

    Dynamic (BGP)

    Select this option if your device supports Border Gateway Protocol (BGP). BGP supports automatic failover for redundant connections.

    1. In the Local ASN field, enter a local private ASN that isn’t already assigned to your network.

      If you have already created a VPN in this private space, the Create VPN Connection page doesn’t display the Local ASN field.

    2. In the Remote ASN field, enter a remote private ASN.

    Static

    Select this option if your device doesn’t support BGP.

    1. In the Local ASN field, enter a local private ASN that isn’t already assigned to your network.

      Although the local ASN isn’t used for static routing, you must specify this value when you create the first VPN because it is required for any future VPN connections using BGP for this private space.

    2. In the Static Routes field, specify the (comma-separated) static IP prefixes in CIDR notation.

      Click Show Existing Routes for this Network to view the existing routes for the private network.

      You cannot use/have an overlap with the following reserved CIDR blocks for static routes

  1. If you want to customize the tunnel configuration, expand Advanced Options:

    1. Select Automatic Tunnel Initiation to specify that the VPN starts up automatically.

      If you deselect this option, you must generate traffic from the customer gateway to establish VPN tunnels.

      If you have already created a VPN in this private space, this option isn’t available.

    2. Select the tunnel configuration:

      • Automatic

        Select this option to use the default tunnel configuration.

      • Custom

        Select this option to customize:

        You must specify values for all four fields.

  2. Click Create VPN.

    The VPN can take up to 15 minutes to create.

    Once created, you can connect the VPN to your corporate network or you can click Close and complete this step later.

While the VPN is created, you can create a redundant VPN.

If the VPN creation fails, click Create VPN to try again. . Test the connection from your private space to the VPN.

Connect a VPN to Your Corporate Network

After the VPN creation completes successfully, the tunnel status is Down until you connect the VPN to your corporate network.

To connect the VPN to your corporate network, you or your network administrator must configure your gateway device outside of Anypoint Platform.

To facilitate this configuration, you provide information about your gateway device, which Anypoint Platform uses to generate a connection guide to use to configure your device.

After the VPN connection creation completes, the Create VPN Connection window displays the Connect VPN step. You can also display this page from the Network tab by clicking View Connection Guide or clicking the VPN menu (…​) and selecting Connection Guide.

  1. Select options from the drop-down lists:

    • Device vendor

    • Device platform

    • Device software

    See Supported Gateway Devices.

  2. Click Download Connection Guide.

    The connection guide, in .txt format, downloads to your local system.

  3. Give the connection guide to your network administrator to use to configure your gateway device.

    For information, see Your customer gateway device in the AWS VPN documentation.

Create a Redundant VPN

If only one VPN has been configured, the Network tab displays an option to create a redundant VPN.

MuleSoft strongly recommends that you create a redundant VPN. For information, see VPN High Availability.

Redundant VPNs inherit some settings from the initial VPN configuration automatically.

After you create a redundant VPN, you can’t change any of the settings.

  1. From Anypoint Platform, select Runtime Manager > Private Spaces.

  2. Click the name of the private space to manage.

  3. On the Network tab, click Create Redundant VPN.

  4. On the Create Redundant VPN Connection page, complete the fields, based on the routing type of the initial VPN:

    Dynamic (BGP)

    1. In the Remote IP field, enter the public IP address (a single, static IP address that isn’t used by other VPNs) of your VPN endpoint.

    2. In the Remote ASN field, enter a private ASN.

      By default, Remote ASN contains the value from the first VPN, but you can change this value.

    Static

    In the Remote IP field, enter the public IP address (a single, static IP address that isn’t used by other VPNs) of your VPN endpoint.

    Because you have already created a VPN in this private space, the Create Redundant VPN Connection page doesn’t display the Local ASN field.

  5. If you want to customize the tunnel configuration, expand Advanced Options and specify:

    • The IP ranges (in CIDR format) for the internal address of each VPN tunnel.

    • The PSKs for each VPN tunnel.

    The redundant VPN uses the tunnel initiation option specified for the initial VPN.

    Any tunnel configuration values that you don’t customize are set to the default.

  6. Click Create VPN.

The redundant VPN can take up to 15 minutes to create.

If the redundant VPN creation fails, click Create Redundant VPN to try again.

Test the Connection to Your Private Space

After you create the VPN, test the connectivity from CloudHub 2.0 to your networks. To test the connection, use the Network Tools application.

For download and usage information about the Network Tools application, see How To Use Network Tools Application.

See Also