internal IP address VPN

Hi,
In a policy-based VPN connection, where the peer (from my perspective) allows a single specific IP address that can connect to its specific IP address, how do I set a static internal outbound IP address when the next hop is a VPN tunnel?
In other words, I need all outgoing traffic from a subnet to hop onto the VPN tunnel with: 172.17.225.37

I'm looking for something like a NAT gateway for a subnet.

Thanks

1 ACCEPTED SOLUTION

Static routing is used in a policy-based or route-based Classic VPN tunnel. When one of these tunnels is created through the Google Cloud panel, Google Cloud immediately generates unique static routes based on the distant IP ranges you provide in the Cloud VPN configuration.

I have tested it with connectivity tests and it is routing as expected.
The problem is my IP address when I make requests that are routed through the tunnel, since my peer only accepts incoming requests from: 172.17.225.37

Hi, ctrlsoft,

We would like to know if you still have issues with your project.

Reviewing your last reply, it seems that your main task is already working as expected, but if the issue still persists, please help us with a network diagram.

Additionally, you can review the route types documentation, especially the option for static routes, which will help you with these options:

And lastly, here is documentation for Networks and Tunnel routing - Static routing, which might also help you.

All good. Fixed it. Thanks

@ctrlsoft we're facing the same issue, could you explain to us how you fixed it? 🙂

Let's say the peer accepts incoming traffic from the range 172.17.225.37/32 (a single IP address).

Create a subnet, for example 172.17.225.0/24, and create an instance with the IP address 172.17.225.37 (manually assigned). You can only assign an internal IP address to an instance from the subnet range. For now we're fine with one instance.

In our case, we were calling peer resources on a domain, and the peer didn't have an internal DNS resolver, so we just added www.peeerdomain.abc in hosts to resolve to the peer IP address.
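
The setup described in the post above, written out as gcloud commands; this is an added example, not part of the original thread. It goes one step beyond the post by reserving 172.17.225.37 as a static internal address so no other resource in the subnet can take the one source IP the peer accepts. The network, region, zone and resource names are assumptions, and the peer address is a placeholder because the thread does not give it.

```shell
#!/usr/bin/env bash
# Added example: dry run by default, set APPLY=1 to execute the commands.
NETWORK="vpn-net"              # assumed: existing VPC that holds the Classic VPN tunnel
REGION="europe-west1"          # assumed region
ZONE="europe-west1-b"          # assumed zone
SUBNET="peer-facing"           # hypothetical subnet name
ADDRESS_NAME="peer-source-ip"  # hypothetical name for the reserved address
INSTANCE="peer-client"         # hypothetical instance name
SUBNET_RANGE="172.17.225.0/24" # subnet range from the thread
SOURCE_IP="172.17.225.37"      # the only source address the peer accepts
PEER_IP="PEER_IP_PLACEHOLDER"  # placeholder: the thread does not give the peer address
PEER_HOST="www.peeerdomain.abc" # host name as written in the thread

# Print the commands, one per line, so they can be reviewed before anything changes.
plan() {
  cat <<EOF
gcloud compute networks subnets create $SUBNET --network=$NETWORK --region=$REGION --range=$SUBNET_RANGE
gcloud compute addresses create $ADDRESS_NAME --region=$REGION --subnet=$SUBNET --addresses=$SOURCE_IP
gcloud compute instances create $INSTANCE --zone=$ZONE --subnet=$SUBNET --private-network-ip=$SOURCE_IP
EOF
}

# The /etc/hosts entry for the peer, needed because the peer has no DNS resolver.
hosts_line() {
  printf '%s %s\n' "$PEER_IP" "$PEER_HOST"
}

# Run each planned command only when APPLY=1; otherwise just show it.
apply_plan() {
  plan | while IFS= read -r cmd; do
    if [ "${APPLY:-0}" = "1" ]; then
      $cmd
    else
      echo "DRY-RUN: $cmd"
    fi
  done
}

apply_plan
echo "On the instance, add to /etc/hosts: $(hosts_line)"
```

Traffic from any other instance in 172.17.225.0/24 will still leave with that instance's own address, so only the one VM holding 172.17.225.37 reaches the peer.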

I've tried to connect a Cloud Run service within a site-to-site VPN, therefore I need an internal static IP for every HTTP call made by this service. Could you explain a little bit more how you solved that problem?