Configuring the Tunnel

Jan 30, 2014
To configure the CloudBridge Connector tunnel, use the configuration utility on each of the two NetScaler VPX appliances to perform the following tasks:
  • Create an IPSec profile—An IPSec profile entity specifies the IPSec protocol parameters, such as IKE version, encryption algorithm, hash algorithm, and PSK, to be used by the IPSec protocol in the CloudBridge connector tunnel.
  • Create an IP tunnel and associate the IPSec profile with it—An IP tunnel specifies the local IP address, remote IP address, protocol used to set up the CloudBridge connector tunnel, and an IPSec profile entity. The created IP tunnel entity is also called the CloudBridge tunnel entity.
  • Create a PBR rule and associate the IP tunnel with it—A PBR entity specifies a set of conditions and an IP tunnel (CloudBridge tunnel) entity. The source IP address range and the destination IP range are the conditions for the PBR entity. You must set the source IP address range and the destination IP address range to specify the subnet whose traffic is to traverse the CloudBridge tunnel. For example, consider a request packet that originates from a client on the subnet in the datacenter and is destined to a server on the subnet in the AWS cloud. If this packet matches the source and destination IP range of the PBR entity on the NetScaler virtual appliance on the CloudBridge appliance in the datacenter, it is considered for CloudBridge processing, which sends the packet across the CloudBridge tunnel associated with the PBR entity.

To create an IPSEC profile by using the command line interface

At the command prompt, type:

  • add ipsec profile <ipsec_profile_name> -encAlgo AES -hashAlgo HMAC_SHA1 -lifetime 500 -psk <password>

To create an IP tunnel and bind the IPSEC profile to it by using the command line interface

At the command prompt, type:

  • add iptunnel <tunnel_name> <Remote CBC Public IP> <remote_cbs_Netmask> <lan_subnet_IP> -protocol GRE -ipsecProfileName <ipsec_profile>

To create a PBR rule and bind the IPSEC tunnel to it by using the command line interface

At the command prompt, type:

  • add ns pbr <pbr_name> ALLOW -srcIP = <local_lan_subnet> -destIP = <remote_lan_subnet> -ipTunnel <tunnel_name>
  • apply ns pbrs
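The three CLI steps above have to be entered on both appliances with local and remote values swapped. The following Python sketch is an added example, not Citrix code: it fills in the page's command templates for both peers and writes each LAN subnet in low-high form. The function names, the tunnel name `cbc_tunnel`, all addresses and the host netmask 255.255.255.255 are assumptions made for illustration.

```python
import ipaddress

def pbr_range(cidr):
    """Render a subnet as low-high, matching the PBR Source/Destination IP Low and High fields."""
    net = ipaddress.ip_network(cidr)
    return f"{net[0]}-{net[-1]}"

def peer_commands(name, local_snip, remote_public_ip, local_lan, remote_lan):
    """Return the page's four CLI commands for one appliance."""
    ipaddress.ip_address(local_snip)          # raises ValueError on a malformed address
    ipaddress.ip_address(remote_public_ip)
    if ipaddress.ip_network(local_lan).overlaps(ipaddress.ip_network(remote_lan)):
        raise ValueError("local and remote LAN subnets overlap")
    return [
        # The PSK stays a placeholder so the secret is typed at the prompt, not stored here.
        f"add ipsec profile {name} -encAlgo AES -hashAlgo HMAC_SHA1 -lifetime 500 -psk <password>",
        # Assumption: host netmask 255.255.255.255, because the remote end is a single peer address.
        f"add iptunnel {name} {remote_public_ip} 255.255.255.255 {local_snip} "
        f"-protocol GRE -ipsecProfileName {name}",
        f"add ns pbr {name} ALLOW -srcIP = {pbr_range(local_lan)} "
        f"-destIP = {pbr_range(remote_lan)} -ipTunnel {name}",
        "apply ns pbrs",
    ]

def tunnel_pair(name, dc, cloud):
    """Build both sides: each peer's remote values are the other peer's local values."""
    return {
        "datacenter": peer_commands(name, dc["snip"], cloud["public_ip"], dc["lan"], cloud["lan"]),
        "aws": peer_commands(name, cloud["snip"], dc["public_ip"], cloud["lan"], dc["lan"]),
    }

# Constructed sample values (documentation and private address ranges), not from the page.
DC = {"snip": "10.102.147.10", "public_ip": "198.51.100.15", "lan": "10.102.147.0/24"}
AWS = {"snip": "10.20.20.10", "public_ip": "203.0.113.133", "lan": "10.20.20.0/24"}

if __name__ == "__main__":
    for site, commands in tunnel_pair("cbc_tunnel", DC, AWS).items():
        print(f"# {site}")
        print("\n".join(commands))
```

Comparing the two generated PBR lines is a quick way to check that the source range on one appliance equals the destination range on the other before applying the rules.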

To create an IPSEC profile by using the NetScaler configuration utility
  1. Navigate to System > CloudBridge Connector > IPSec Profile.
  2. In the details pane, click Add.
  3. In the Add IPSec Profile dialog box, set the following parameters:
    • Name
    • Encryption Algorithm
    • Hash Algorithm
    • IKE Protocol Version (select V2)
  4. Select one of the following IPSec authentication methods, which the two peers use to authenticate each other:
    • For the pre-shared key authentication method, set the Pre-Shared Key Exists parameter.
    • For the digital certificates authentication method, set the following parameters:
      • Public Key
      • Private Key
      • Peer Public Key
  5. Click Create, and then click Close.

To create an IP tunnel and bind the IPSEC profile to it by using the NetScaler configuration utility
  1. Navigate to System > CloudBridge Connector > IP Tunnels.
  2. On the IPv4 Tunnels tab, click Add.
  3. In the Add IP Tunnel dialog box, set the following parameters:
    • Name
    • Remote IP
    • Remote Mask
    • Local IP Type (In the Local IP Type drop-down list, select Subnet IP.)
    • Local IP (All configured IP addresses of the selected IP type are populated in the Local IP drop-down list. Select the desired IP address from the list.)
    • Protocol
    • IPSec Profile
  4. Click Create, and then click Close.

To create a PBR rule and bind the IPSEC tunnel to it by using the NetScaler configuration utility
  1. Navigate to System > Network > PBR.
  2. On the PBR tab, click Add.
  3. In the Create PBR dialog box, set the following parameters:
    • Name
    • Action
    • Next Hop Type (Select IP Tunnel)
    • IP Tunnel Name
    • Source IP Low
    • Source IP High
    • Destination IP Low
    • Destination IP High
  4. Click Create, and then click Close.

The new CloudBridge Connector tunnel configuration on the CloudBridge appliance in the datacenter appears on the Home tab of the Management Service user interface.

The corresponding new CloudBridge Connector tunnel configuration on the NetScaler VPX appliance in the AWS cloud appears in the configuration utility.

The current status of the CloudBridge connector tunnel is indicated in the Configured CloudBridge pane. A green dot indicates that the tunnel is up. A red dot indicates that the tunnel is down.