Description

This article highlights the required steps to establish a secure client-to-site VPN connection to your Cloud Servers on the CaaS infrastructure.

A VPN connection is required to access or administer your virtual servers over SSH or Windows Remote Desktop (RDP) using the server's private IP address.

It is recommended that you read the Introduction to Single-Factor and Multi-Factor VPN Authentication article prior to this one.

Note that when using the VPN, you access Cloud Servers using private IPv4 addresses in MCP 1.0 Data Centers and IPv6 in MCP 2.0 Data Centers.

Prerequisites:

  1. Only users with the VPN role can connect to the VPN and access their Organization's cloud resources.
    1. To add the VPN Role to a user, see How to Manage the Primary Administrator User and other Sub-Administrators as the Primary Administrator
  2. A current installation of Cisco AnyConnect is required to connect to the VPN (see below).
  3. Users of Organizations with Multi-Factor VPN Authentication enabled must be enrolled with Duo to connect to the VPN and must be ready to supply a second authentication factor and the corresponding credentials. For more information, please refer to:
    1. Introduction to Single-Factor and Multi-Factor VPN Authentication.
    2. How to Self-Enroll in Duo for Multi-Factor Authentication Access to Cloud VPN.
  4. Each Primary Administrator or Sub-Administrator account is limited to two simultaneous Client-to-Site VPN connections. 
    1. To create more Sub-Administrator accounts, see How to Create a Sub-Administrator using the CloudControl UI

Content / Solution:

Establishing a VPN connection requires the following steps (in order), each of which is described in a brief self-contained article:

  1. How to download and install the Cisco AnyConnect VPN client. 

    1. Please refer to the instructions at How to Download and Install the Cisco AnyConnect VPN Client. NOTE: This step is only necessary if you have not already done so or if you wish to replace or update your installation.

  2. How to identify the VPN URLs relevant for your Organization

    1. Please refer to the instructions at How to Identify the VPN URLs relevant for your Organization.

  3. How to connect to a VPN URL

    1. Please refer to the instructions at How to Connect to a VPN with Single-Factor or Multi-Factor VPN Authentication.

  4. What IP address should I use to SSH (Unix/Linux) or RDP (Windows) to a Cloud Server after a VPN connection has been established?

    1. Once the VPN connection is established, the Cloud Server address you connect to depends on whether the Cloud Server is in an MCP 2.0 data center location or an MCP 1.0 data center location:

      1. To Access Cloud Servers in MCP 2.0 Locations:
        RDP or SSH into the Cloud Server using the IPv6 address of the Primary NIC of the Cloud Server:

        In this case, you would RDP / SSH to 2607:f480:211:1254:31a8:9f33:4205:b850
        Note: IPv6 addresses are quite long; you can copy and paste this address directly from the CloudControl UI.

      2. To Access Cloud Servers in MCP 1.0 Locations:
        RDP or SSH into the Cloud Server using the Private IPv4 address of the Cloud Server:

        In this case, you would RDP / SSH to 10.118.58.11