Setting up site-to-site on IBM Cloud
  • 2 Minutes to read

    Setting up site-to-site on IBM Cloud


      Article summary

      Note: If your device/service supports SHA256 and DH group 14, it is recommended to use these settings instead.

      Configuring a VPN gateway at the IBM Cloud Console

      1. Open to the VPC section in the IBM Cloud Console. Go to VPNs (under the Network tab)

      01 Setting up site-to-site on IBM Cloud.png

      1. Open the IKE Policies tab, then select New IKE Policy

      02 Setting up site-to-site on IBM Cloud.png

      1. Choose a Name, the Region in which the appropriate VPC lies, define the Resource group, then select Create IKE policy

      03 Setting up site-to-site on IBM Cloud.png

      1. Once the policy has been created, select the three-dotted menu (...) and select Edit

      2. Fill in the following information:

      • IKE Version: 1
      • DH Group: 2
      • Authentication: sha256
      • Key Lifetime: 28800
      • Encryption: aes256
      1. Select Save IKE policy

      2. Open the IPSec Policies tab, then select New IPSec Policy

      3. Choose a Name, the Region in which the appropriate VPC lies and define the Resource group, then select Create IPSec policy

      04 Setting up site-to-site on IBM Cloud.png

      1. Once the policy has been created, select the three-dotted menu (...) and select Edit

      2. Fill in the following information:

      • Check: PFS
      • DH Group: 2
      • Authentication: sha256
      • Key Lifetime: 3600
      • Encryption: aes256
      1. Select Save IPSec policy

      05 Setting up site-to-site on IBM Cloud.png

      1. Open the VPN gateways tab, then select New VPN gateway

      2. Fill in the following information:

      • Name: Choose the name of your choice
      • Virtual private cloud: Choose the desired cloud
      • Resource group: Choose the resource group
      • Subnet: Choose the appropriate subnet

      06 Setting up site-to-site on IBM Cloud.png

      1. Check New VPN Connection for VPC

      2. Fill in the following information:

      • Connection name: Set a name
      • Peer gateway address: the IP of your NordLayer dedicated server
      • Preshared key: Insert an 8 character (at least) string containing upper-case letters, upper-case letters, and numbers (we will also need this value on our end)
      • Local subnet: Specify one or more subnets in the VPC you want to connect
      • Peer subnet: 10.6.0.0/20

      07 Setting up site-to-site on IBM Cloud.png

      • Dead peer detection action: Restart
      • Interval: 10 seconds
      • Timeout: 30 seconds
      • IKE policy: Choose the policy that was earlier
      • IPSec policy: Choose the policy that was earlier

      Ending note:

      In order to finalize the site-to-site setup on our end, please provide these values via Site-to-site request from in the NordLayer Control Panel:

      • Pre-shared key - you can generate it or we can provide it
      • Encryption  details (AES, SHA and DH group) - AES256, SHA256 and DH group 14 are recommended (also must support IKEv2)
      • Remote gateway/router public IP (must be reachable while connected to the dedicated server)
      • Remote subnet and mask (the subnet is used in your local network)

      Note: In case you are experiencing different results, make sure that you have you carefully gone through all the steps. Having said that, in case the issue persists please feel free to contact our 24/7 customer support team.


      Was this article helpful?