Configure cloud connector tunnel

To configure the NetScaler Cloud Connector tunnel, use the configuration utility on both NetScaler VPX appliances to perform the following tasks:

  • Create an IPSec profile—An IPSec profile entity specifies the IPSec protocol parameters, such as IKE version, encryption algorithm, hash algorithm, and PSK, to be used by the IPSec protocol in the NetScaler Cloud Connector tunnel.

  • Create an IP tunnel and associate the IPSec profile with it—An IP tunnel specifies the local IP address, remote IP address, protocol used to set up the NetScaler Cloud Connector tunnel, and an IPSec profile entity. The created IP tunnel entity is also called the NetScaler Cloud Connector tunnel entity.

  • Create a PBR rule and associate the IP tunnel with it—A PBR entity specifies a set of conditions and an IP tunnel (NetScaler Cloud Connector tunnel) entity. The source IP address range and the destination IP range are the conditions for the PBR entity. You must set the source IP address range and the destination IP address range to specify the subnet whose traffic is to traverse the NetScaler Cloud Connector tunnel. For example, consider a request packet that originates from a client on the subnet in the datacenter and is destined to a server on the subnet in the AWS cloud. If this packet matches the source and destination IP range of the PBR entity on the NetScaler virtual appliance on the NetScaler SD-WAN WANOP appliance in the datacenter, it is considered for NetScaler SD-WAN WANOP processing, which sends the packet across the NetScaler Cloud Connector tunnel associated with the PBR entity.

To create an IPSec profile by using the command line interface:

At the command prompt, type:

  • add ipsec profile <ipsec_profile_name> -encAlgo AES -hashAlgo HMAC_SHA1 -lifetime 500 -psk <password>

To create an IP tunnel and bind the IPSec profile to it by using the command line interface:

At the command prompt, type:

  • add iptunnel <tunnel_name> <Remote CBC Public IP> <remote_cbs_Netmask> <lan_subnet_IP> -protocol GRE -ipsecProfileName <ipsec_profile>

To create a PBR rule and bind the IPSec tunnel to it by using the command line interface:

At the command prompt, type:

  • add ns pbr <pbr_name> ALLOW -srcIP = <local_lan_subnet> -destIP = <remote_lan_subnet> -ipTunnel <tunnel_name>

  • apply ns pbrs
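
The three commands above form a reference chain (PBR to IP tunnel to IPSec profile) that has to be entered on both appliances. The following Python check is an added example, not Citrix code: it parses the commands as typed for each side and reports a reference that does not resolve, a peer with no PBR in the opposite direction, or differing encAlgo, hashAlgo or psk values. The entity names, addresses and PSK are constructed sample values, and the rule that the peer's PBR ranges are the mirror image is an assumption taken from the datacenter-to-AWS example in the text.

```python
import shlex

# Constructed sample input: documentation address ranges and a placeholder PSK.
DATACENTER = """
add ipsec profile cc_prof -encAlgo AES -hashAlgo HMAC_SHA1 -lifetime 500 -psk EXAMPLE-PSK-1
add iptunnel cc_tun 203.0.113.10 255.255.255.255 192.0.2.5 -protocol GRE -ipsecProfileName cc_prof
add ns pbr cc_pbr ALLOW -srcIP = 10.1.0.0-10.1.0.255 -destIP = 10.2.0.0-10.2.0.255 -ipTunnel cc_tun
"""
AWS = """
add ipsec profile cc_prof -encAlgo AES -hashAlgo HMAC_SHA1 -lifetime 500 -psk EXAMPLE-PSK-1
add iptunnel cc_tun 198.51.100.20 255.255.255.255 172.16.0.5 -protocol GRE -ipsecProfileName cc_prof
add ns pbr cc_pbr ALLOW -srcIP = 10.2.0.0-10.2.0.255 -destIP = 10.1.0.0-10.1.0.255 -ipTunnel cc_tun
"""
HEADS = {("add", "ipsec", "profile"): ("profile", 3, 4),  # kind, name index, first option index
         ("add", "iptunnel"): ("tunnel", 2, 6),
         ("add", "ns", "pbr"): ("pbr", 3, 5)}

def parse(conf):
    """Index the three 'add' commands by entity kind and name, option names lower-cased."""
    ents = {"profile": {}, "tunnel": {}, "pbr": {}}
    for line in conf.strip().splitlines():
        tok = shlex.split(line.replace(" = ", " "))  # "-srcIP = x" becomes "-srcIP x"
        for head, (kind, name_at, opts_at) in HEADS.items():
            if tuple(tok[:len(head)]) == head:
                o = tok[opts_at:]
                ents[kind][tok[name_at]] = {k.lstrip("-").lower(): v for k, v in zip(o[::2], o[1::2])}
    return ents

def profile_of(side, pbr):
    """Follow PBR -> IP tunnel -> IPSec profile; None if either reference dangles."""
    tunnel = side["tunnel"].get(pbr.get("iptunnel"), {})
    return side["profile"].get(tunnel.get("ipsecprofilename"))

def check_peers(local_conf, remote_conf):
    """Return findings for one side against its peer; an empty list means consistent."""
    a, b, issues = parse(local_conf), parse(remote_conf), []
    for name, pbr in a["pbr"].items():
        prof_a = profile_of(a, pbr)
        want = (pbr.get("destip"), pbr.get("srcip"))  # peer selects the reverse direction
        mirror = [p for p in b["pbr"].values() if (p.get("srcip"), p.get("destip")) == want]
        if prof_a is None:
            issues.append(f"{name}: tunnel or IPSec profile reference does not resolve")
        elif not mirror:
            issues.append(f"{name}: peer has no PBR with source and destination swapped")
        else:
            prof_b = profile_of(b, mirror[0]) or {}
            issues += [f"{name}: {key} differs between the two peers"
                       for key in ("encalgo", "hashalgo", "psk") if prof_a.get(key) != prof_b.get(key)]
    return issues
```

Calling `check_peers(DATACENTER, AWS)` on the sample pair returns an empty list; run it in both directions to cover PBR rules that exist on only one side.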

To create an IPSec profile by using the configuration utility:

  1. Navigate to System > NetScaler Cloud Connector > IPSec Profile.

  2. In the details pane, click Add.

  3. In the Add IPSec Profile dialog box, set the following parameters:

    • Name

    • Encryption Algorithm

    • Hash Algorithm

    • IKE Protocol Version (select V2)

  4. Select one of the following IPSec authentication methods, which the two peers use to authenticate each other:

    • For the pre-shared key authentication method, set the Pre-Shared Key Exists parameter.

    • For the digital certificates authentication method, set the following parameters:

      • Public Key

      • Private Key

      • Peer Public Key

  5. Click Create, and then click Close.

To create an IP tunnel and bind the IPSec profile to it by using the configuration utility:

  1. Navigate to System > NetScaler Cloud Connector > IP Tunnels.

  2. On the IPv4 Tunnels tab, click Add.

  3. In the Add IP Tunnel dialog box, set the following parameters:
    • Name

    • Remote IP

    • Remote Mask

    • Local IP Type (In the Local IP Type drop-down list, select Subnet IP.)

    • Local IP (All the configured IPs of the selected IP type are populated in the Local IP drop-down list. Select the desired IP from the list.)

    • Protocol

    • IPSec Profile

  4. Click Create, and then click Close.

To create a PBR rule and bind the IPSec tunnel to it by using the configuration utility:

  1. Navigate to System > Network > PBR.

  2. On the PBR tab, click Add.

  3. In the Create PBR dialog box, set the following parameters:
    • Name

    • Action

    • Next Hop Type (Select IP Tunnel)

    • IP Tunnel Name

    • Source IP Low

    • Source IP High

    • Destination IP Low

    • Destination IP High

  4. Click Create, and then click Close.

    The new NetScaler Cloud Connector tunnel configuration on the NetScaler SD-WAN WANOP appliance in the datacenter appears on the Home tab of the Management Service user interface.

    The corresponding new NetScaler Cloud Connector tunnel configuration on the NetScaler VPX appliance in the AWS cloud appears on the configuration utility.

    The current status of the NetScaler Cloud Connector tunnel is indicated in the Configured NetScaler SD-WAN WANOP pane. A green dot indicates that the tunnel is up. A red dot indicates that the tunnel is down.
