Modify an Anypoint VPN Connection

You can update some Anypoint VPN connection settings using Runtime Manager.

IP Addresses

After you create the Anypoint VPN connection, you cannot modify the Remote IP Address or Tunnel Configuration settings. To change these settings, you must recreate the Anypoint VPN and update your VPN endpoint with the new values.

Local external IP addresses are dynamically assigned during VPN creation. You cannot reserve or reuse external IP addresses. When you recreate the VPN, new local external IP addresses are assigned.

Point-to-point IP addresses and Pre-Shared Keys (PSK) are defined during VPN creation. You can use Automatic Tunnel Configuration to generate values for these settings or use the Custom Tunnel Configuration to define your values for these settings.

See Create an Anypoint VPN for more information.

Routing

After you create the Anypoint VPN connection, you cannot modify the routing type or Autonomous System Numbers (ASNs). To change these settings, you must recreate the Anypoint VPN and update your VPN endpoint with the new values.

Networks

The local network is inherited from Anypoint VPC. MuleSoft does not allow you to subnet the Anypoint VPC CIDR block.

You can modify the remote networks for an Anypoint VPN after creation. The steps differ depending on the configured routing type (static or dynamic).

A maximum of 95 route table entries is allowed per Anypoint VPC, regardless of the number of VPN connections. To avoid exceeding this limit, consolidate networks to the fewest number possible.
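The consolidation described above can be checked before any rules are entered. The following Python code is an added example, not MuleSoft tooling: it merges a list of remote CIDRs into the fewest networks that cover exactly the same addresses and tests the result against the 95-entry limit. The function names, the `entries_in_use` parameter and the sample networks are assumptions made for illustration.

```python
import ipaddress

ROUTE_TABLE_LIMIT = 95  # per Anypoint VPC, as stated above


def consolidate(cidrs):
    """Merge CIDRs into the fewest networks that cover exactly the same
    addresses: duplicates and nested subnets are dropped, adjacent
    siblings are merged, and nothing is widened."""
    # strict=True rejects entries with host bits set (e.g. 10.1.1.5/24),
    # which are usually typos that would route an unintended range.
    nets = [ipaddress.ip_network(c.strip(), strict=True) for c in cidrs]
    return sorted(ipaddress.collapse_addresses(nets))


def plan_routes(cidrs, entries_in_use=0):
    """Return (routes, fits). entries_in_use is a hypothetical input: the
    route table entries already consumed in the same Anypoint VPC."""
    routes = consolidate(cidrs)
    fits = entries_in_use + len(routes) <= ROUTE_TABLE_LIMIT
    return [str(n) for n in routes], fits


# Constructed sample: 128 /24 routes listed one by one
# (10.20.0.0/24 .. 10.20.127.0/24), a nested subnet, and a separate range.
SAMPLE = (
    [f"10.20.{i}.0/24" for i in range(128)]
    + ["10.20.5.128/25", "192.168.40.0/24"]
)

if __name__ == "__main__":
    routes, fits = plan_routes(SAMPLE, entries_in_use=10)
    print(f"{len(SAMPLE)} requested -> {len(routes)} entries, fits={fits}")
    for route in routes:
        print(" ", route)
```

Because the merge is exact, two networks that are not aligned siblings (for example 10.0.1.0/24 and 10.0.2.0/24) stay as separate entries instead of being widened into a range that would also route addresses you did not list.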

Static Routes

To modify the remote networks for an Anypoint VPN that uses static routing:

  1. Sign in to Anypoint Platform and select Runtime Manager.

  2. From the menu on the left, click VPNs, and then click the name of the VPN to update.

  3. Under Static Routes, click Add New Rule.

  4. In the CIDR field, enter a subnet to make accessible through the VPN, for example, 10.0.0.0/8.

  5. If you want to add additional subnets, click Add New Rule and repeat step 4.

  6. Click Apply Changes to add the new rules.

  7. Review the firewall rules for the corresponding Anypoint VPC.

    By default, all traffic to your Anypoint VPC is blocked unless a firewall rule explicitly allows it.

  8. Update the configuration on your VPN endpoint.

    See the documentation for your device.

    When the tunnel is active, the route table updates automatically.

Dynamic Routes

To modify the remote networks for an Anypoint VPN that uses dynamic routing:

  1. Review the firewall rules for the corresponding Anypoint VPC.

    By default, all traffic to your Anypoint VPC is blocked unless a firewall rule explicitly allows it.

  2. Update the Border Gateway Protocol (BGP) configuration on your VPN endpoint.

    See the documentation for your device.

    When BGP propagates the changes, the route table updates automatically.

IPsec

You can set the Initiator Mode for Anypoint VPN. When enabled, your Anypoint VPN initiates IKE negotiation to enable tunnels. If you use this feature:

  • Configure your gateway to accept an IKEv2 connection, as IKEv1 is not supported.

  • Use a route-based VPN, as policy-based VPN is not supported.

All IPsec settings are defined on your endpoint.

You can modify the VPN configuration of your endpoint to take advantage of any supported IPsec settings. See IPsec Settings.

You don’t need to change any VPN settings in Runtime Manager.