Applies to: Nerdio Private Cloud (NPC) and Nerdio for Azure (NFA) customers/managed service partners (MSPs)
Virtual Private Network (VPN) technology lets remote users reach the resources of a private network securely over an untrusted network such as the internet. For example, employees who are traveling or working from home can use a VPN to connect to their office network, and enterprises use site-to-site VPN connections to join the private networks of two or more offices. This article walks through a multi-site VPN configuration.
Consider this scenario: a customer has multiple offices in a city, at sites A, B and C. These offices are centrally managed with Cisco Meraki, a cloud-based network management system. The customer wants a secure network configuration in which each site has its own VPN connection to Nerdio, as shown in the figure below:
To set up a multi-site VPN configuration:
A VPN connection between two parties first needs a data path between the customer's network and Nerdio; this path is called a VPN tunnel.
Step 1: Set up VPN tunnels:
Follow the instructions given in https://help.nerdio.net/hc/en-us/articles/360002326571?flash_digest=2684e296f71f3e63ae68f34b38c18a29b1ab7109
to define a VPN tunnel between each of the sites A, B and C and Nerdio, using the Nerdio Admin Portal (NAP). At the end of Step 1 you will have three VPN tunnels, one per site.
Note: You can create a VPN tunnel between:
- a PC equipped with the FortiClient application or a FortiGate unit
- two FortiGate units
- a third party VPN software and a FortiGate unit
In our case, each tunnel runs between two VPN gateways: the Meraki gateway at the customer's site (A, B or C) and the gateway on the Nerdio side, which is the FortiGate unit protecting the private network behind it.
Step 2: Secure VPN tunnels:
Once a VPN tunnel is established, the two parties exchange data packets through it in encrypted form. Each tunnel is authenticated with a pre-shared key (PSK), a secret known only to the two endpoints; the keys that encrypt the traffic itself are negotiated between the endpoints once both sides have proven they hold the same PSK. Because the same PSK is reused for all three sites, choose a long random value rather than a memorable phrase. On the FortiGate unit, copy the Master PSK from the first VPN site defined and paste it into each subsequent site:
- Site A (Master PSK)
- Site B (Copy of Master)
- Site C (Copy of Master)
NOTE: Meraki builds the tunnels from some parameters of the first site together with the custom parameters of each subsequent site, so the PSK must be identical on all of them. This step ensures a secure connection between Nerdio and sites A, B and C.
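The following PowerShell is an added example, not code from the Nerdio article or from Fortinet or Meraki. It generates one strong random PSK for the master site and checks that each site's copy matches the master by comparing SHA-256 fingerprints, so the secret itself is never echoed into a log. The site names and the in-memory `$sitePsks` table stand in for the values pasted into the FortiGate and Meraki dashboards and are assumptions for illustration; check the maximum PSK length and character set your gateways accept before using a longer key.

```powershell
# Added example (not from the Nerdio article): generate one strong PSK and verify that
# every site's copy matches it before bringing the tunnels up.

function New-VpnPsk {
    param([int]$Bytes = 32)   # 32 random bytes = 256 bits of entropy, 64 hex characters
    $buffer = New-Object byte[] $Bytes
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($buffer) } finally { $rng.Dispose() }
    # Hex keeps the key printable and free of characters a dashboard might reject
    return -join ($buffer | ForEach-Object { $_.ToString('x2') })
}

function Get-PskFingerprint {
    param([string]$Psk)
    # Compare fingerprints instead of the key itself so the secret is not written to output
    $sha256 = [System.Security.Cryptography.SHA256]::Create()
    try {
        $hash = $sha256.ComputeHash([Text.Encoding]::UTF8.GetBytes($Psk))
    } finally { $sha256.Dispose() }
    return ([BitConverter]::ToString($hash) -replace '-', '').Substring(0, 16)
}

$masterPsk = New-VpnPsk

# Hypothetical: the PSK as entered for each site. Site C carries a trailing space,
# a common copy/paste mistake that silently prevents the tunnel from authenticating.
$sitePsks = @{
    'Site A' = $masterPsk
    'Site B' = $masterPsk
    'Site C' = "$masterPsk "
}
$masterFp = Get-PskFingerprint $masterPsk

$mismatched = @()
foreach ($site in ($sitePsks.Keys | Sort-Object)) {
    $fp = Get-PskFingerprint $sitePsks[$site]
    if ($fp -eq $masterFp) {
        Write-Output ("{0}: matches master ({1})" -f $site, $fp)
    } else {
        Write-Output ("{0}: MISMATCH, re-paste the master PSK ({1})" -f $site, $fp)
        $mismatched += $site
    }
}

if ($mismatched.Count -gt 0) {
    Write-Warning ("Fix the PSK at: " + ($mismatched -join ', ') + " before proceeding to Step 3")
}
```

Run it on an administrative workstation, not on the gateway; once the fingerprints agree, paste the master value into the FortiGate site definitions and the Meraki peer configuration and discard the local copy.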
Step 3: Validate Site-to-Site connectivity and traffic flow:
Once the secure connection is established, test it to verify IP connectivity between the Nerdio cloud and each of the Meraki sites A, B and C.
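The following PowerShell is an added example, not code from the Nerdio article. Run from a Windows VM in the Nerdio cloud, it checks each site through its tunnel three ways: an ICMP ping (route and tunnel selectors cover the subnet), a TCP port test (traffic is also permitted by firewall policy, not merely routed), and the first traceroute hop (the packet leaves through the Nerdio-side VPN gateway rather than some other interface). The site names, subnets, target hosts and port are placeholders; replace them with the real LAN addresses and a service that should be reachable at each site.

```powershell
# Added example (not from the Nerdio article): validate site-to-site connectivity
# from the Nerdio cloud to each Meraki site. All addresses below are hypothetical.

$sites = @(
    @{ Name = 'Site A'; Subnet = '10.10.0.0/24'; Host = '10.10.0.10'; TcpPort = 445 },
    @{ Name = 'Site B'; Subnet = '10.20.0.0/24'; Host = '10.20.0.10'; TcpPort = 445 },
    @{ Name = 'Site C'; Subnet = '10.30.0.0/24'; Host = '10.30.0.10'; TcpPort = 445 }
)

$results = foreach ($site in $sites) {
    # ICMP: proves there is a route into the site subnet and the tunnel carries it
    $ping  = Test-NetConnection -ComputerName $site.Host -WarningAction SilentlyContinue
    # TCP: proves the traffic is allowed end to end, not just routed
    $tcp   = Test-NetConnection -ComputerName $site.Host -Port $site.TcpPort -WarningAction SilentlyContinue
    # Traceroute: the first hop should be the Nerdio-side VPN gateway
    $trace = Test-NetConnection -ComputerName $site.Host -TraceRoute -WarningAction SilentlyContinue

    [pscustomobject]@{
        Site     = $site.Name
        Subnet   = $site.Subnet
        Host     = $site.Host
        Ping     = $ping.PingSucceeded
        TcpOpen  = $tcp.TcpTestSucceeded
        FirstHop = if ($trace.TraceRoute) { $trace.TraceRoute[0] } else { 'n/a' }
        Source   = $ping.SourceAddress.IPAddress   # Nerdio-side interface used for the test
    }
}

$results | Format-Table -AutoSize

# Exit non-zero on any failure so the check can run as a scheduled job after changes
$failed = $results | Where-Object { -not $_.Ping -or -not $_.TcpOpen }
if ($failed) {
    Write-Warning ("Connectivity problems at: " + ($failed.Site -join ', '))
    exit 1
}
```

A ping that succeeds while the TCP test fails usually points at a firewall policy on the FortiGate or the Meraki MX rather than at the tunnel itself; a ping that fails on one site only, with the PSK confirmed identical, is most often a phase 2 selector that does not include that site's subnet.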