Setting up a VPN in Google Cloud Platform (GCP) to securely connect your on-premises network (like your schoolPay system hosted elsewhere) to GCP is a solid way to ensure secure communication between environments.

Here’s a step-by-step guide to set up a VPN in GCP:


✅ Step 1: Set Up the VPC Network in GCP

  1. Go to the GCP Console: https://console.cloud.google.com
  2. Navigate to VPC network > VPC networks
  3. Create a new network (if you don’t already have one):
    • Click Create VPC network
    • Give it a name (e.g., schoolpay-vpc)
    • Add subnet(s) (ensure they don’t overlap with your on-premises subnet)
    • Click Create

✅ Step 2: Reserve a Static IP for the VPN Gateway

  1. Navigate to VPC Network > External IP addresses
  2. Click Reserve static address
    • Name it (e.g., schoolpay-vpn-ip)
    • Choose Regional
    • Pick the region you’ll use
    • Click Reserve

✅ Step 3: Create a Cloud VPN Gateway

  1. Go to Hybrid Connectivity > VPN
  2. Click Create VPN
  3. Fill in:
    • Name: schoolpay-vpn
    • Region: Select same as static IP
    • Network: Select your VPC (e.g., schoolpay-vpc)
    • VPN Gateway Type: Classic or HA (use HA VPN for better reliability)
    • External IP address: Use the one you reserved earlier
    • Click Continue

✅ Step 4: Create VPN Tunnel

On the same page:

  1. Add a new tunnel:
    • Tunnel Name: tunnel-to-school
    • IKE Version: Use version 2 (recommended)
    • Peer IP address: Your on-premises public IP
    • Pre-shared key: Generate one and save it securely (use the same on both sides)
    • Routing Type: Dynamic (with Cloud Router) or Static
      • If static, enter the IP ranges of your on-prem network
  2. Click Create

✅ Step 5: Configure Firewall Rules

  1. Go to VPC network > Firewall
  2. Click Create firewall rule
    • Name: allow-vpn-traffic
    • Network: your VPC
    • Direction: Ingress
    • Source IP ranges: the IP range of your on-prem network
    • Protocols/ports: allow TCP, UDP, ICMP (or as needed)
    • Click Create

✅ Step 6: Configure the On-Premises VPN Device

  • Match settings:
    • Peer IP: Use the GCP static IP
    • IKE Version: Match what you chose in GCP
    • Pre-shared key: Same as configured in GCP
    • Routing: Enter the subnet range of your VPC
  • If using Cisco, MikroTik, FortiGate, etc., follow their config to match GCP’s tunnel settings.

✅ Step 7: Verify Tunnel Status

  • Go to Hybrid Connectivity > VPN
  • Check the Tunnel Status – it should be Established
  • If not, check:
    • Pre-shared key match
    • IP addresses and subnets are correct
    • Firewall rules allow traffic
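
The checks from Steps 1, 4, 5 and 7 can be run against your planned values before you touch either side. The script below is an added example, not part of the original guide: the function names, the 32-character minimum key length and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import secrets

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MIN_PSK_LEN = 32  # assumption for this example, not a value from the guide


def generate_psk(nbytes=32):
    """Step 4: random pre-shared key from the OS CSPRNG (43 chars for 32 bytes)."""
    return secrets.token_urlsafe(nbytes)


def preflight(vpc_subnets, onprem_ranges, peer_ip, fw_sources, psk):
    """Return a list of problems in a planned VPN setup; an empty list means OK."""
    problems = []
    vpc = [ipaddress.ip_network(c) for c in vpc_subnets]
    onprem = [ipaddress.ip_network(c) for c in onprem_ranges]
    # Step 1: VPC subnets must not overlap the on-premises ranges.
    for v in vpc:
        for o in onprem:
            if v.overlaps(o):
                problems.append(f"overlap: VPC {v} and on-prem {o}")
    # Steps 4 and 6: the peer IP must be the public address, not an internal one.
    if any(ipaddress.ip_address(peer_ip) in net for net in RFC1918):
        problems.append(f"peer IP {peer_ip} is a private (RFC 1918) address")
    # Step 4: reject short, guessable keys.
    if len(psk) < MIN_PSK_LEN:
        problems.append(f"pre-shared key is shorter than {MIN_PSK_LEN} characters")
    # Step 5: each firewall source range must sit inside an on-prem range.
    for s in (ipaddress.ip_network(c) for c in fw_sources):
        if not any(s.version == o.version and s.subnet_of(o) for o in onprem):
            problems.append(f"firewall source {s} is outside the on-prem ranges")
    return problems


# Constructed sample plans (documentation and private addresses, not real hosts).
GOOD = dict(vpc_subnets=["10.10.0.0/24"], onprem_ranges=["192.168.50.0/24"],
            peer_ip="203.0.113.10", fw_sources=["192.168.50.0/24"])
BAD = dict(vpc_subnets=["192.168.50.128/25"], onprem_ranges=["192.168.50.0/24"],
           peer_ip="192.168.50.1", fw_sources=["0.0.0.0/0"])

if __name__ == "__main__":
    print(preflight(psk=generate_psk(), **GOOD))   # []
    for p in preflight(psk="schoolpay123", **BAD):
        print("-", p)
```

Generate the key once, store it in a secrets manager, and paste the same value into both the GCP tunnel and the on-premises device.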
