Updated 2025-01-15

Connection Over Site-to-Site VPN

This topic describes one way to set up a connection between an Oracle Cloud Infrastructure Classic IP network and an Oracle Cloud Infrastructure Virtual Cloud Network (VCN). The connection runs over Site-to-Site VPN.

Another option is to have Oracle set up a connection over the Oracle network. For more information, see Connection Over Oracle Network.

Highlights

  • You can run a hybrid workload between your Oracle Cloud Infrastructure Classic and Oracle Cloud Infrastructure environments.
  • You set up Site-to-Site VPN between the IP network's VPN as a Service (VPNaaS) gateway and the VCN's attached Dynamic Routing Gateway (DRG). The connection runs over the internet. You configure routing and security rules in the environments to enable traffic.
  • The two environments must not have overlapping CIDRs. The cloud resources can communicate over the connection only with private IP addresses.
  • The two environments do not have to be in the same geographical area or region.
  • The connection is free of charge.

Overview

You can connect your Oracle Cloud Infrastructure environment and your Oracle Cloud Infrastructure Classic environment with Site-to-Site VPN. The connection facilitates a hybrid deployment with application components that are set up across the two environments. You can also use the connection to migrate workloads from Oracle Cloud Infrastructure Classic to Oracle Cloud Infrastructure. Compared to using the Oracle network for the connection, you can set up Site-to-Site VPN yourself in a matter of minutes. Compared to FastConnect, you don't incur the additional cost and operational overhead of working with a FastConnect partner.

The following diagram shows an example of a hybrid deployment. Oracle Analytics Cloud is running in an Oracle Cloud Infrastructure Classic IP network and accessing the Database service in Oracle Cloud Infrastructure over the connection.

This diagram shows the connection between an IP network and VCN.

Here are other important details to know:

  • The connection is supported in any of the Oracle Cloud Infrastructure and Oracle Cloud Infrastructure Classic regions. The two environments do not need to be in the same geographical area.
  • The connection enables communication that uses private IP addresses only.
  • The CIDR blocks of the IP network and VCN subnets that need to communicate must not overlap.
  • This connection enables communication only between resources in the Oracle Cloud Infrastructure Classic IP network and Oracle Cloud Infrastructure VCN. It does not enable traffic between your on-premises network through the IP network to the VCN, or from your on-premises network through the VCN to the IP network.
  • The connection also does not enable traffic to flow from the IP network through the connected VCN to a peered VCN in the same Oracle Cloud Infrastructure region, or a different region.
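
A pre-flight check for the non-overlap requirement above, as an added example that is not part of Oracle's documentation: it compares the IP network CIDRs with the VCN subnet CIDRs and reports every conflicting pair before you build the tunnel. The function names and the sample address ranges are constructed for illustration.

```python
import ipaddress
from itertools import product


def parse_cidrs(cidrs):
    """Parse CIDR strings strictly: a block with host bits set
    (for example 10.0.0.1/16) raises ValueError instead of being
    silently normalised, so typos surface before routes are written."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def find_overlaps(classic_cidrs, vcn_cidrs):
    """Return (classic, vcn, shared) for every overlapping pair.

    Two CIDR blocks overlap only when one contains the other, so the
    shared range is whichever block has the longer prefix.
    """
    conflicts = []
    for a, b in product(parse_cidrs(classic_cidrs), parse_cidrs(vcn_cidrs)):
        if a.version != b.version:
            continue  # an IPv4 block never collides with an IPv6 block
        if a.overlaps(b):
            shared = a if a.prefixlen >= b.prefixlen else b
            conflicts.append((str(a), str(b), str(shared)))
    return conflicts


if __name__ == "__main__":
    # Constructed sample ranges, not taken from any real tenancy.
    classic_ip_networks = ["192.168.10.0/24", "172.16.1.0/24"]
    vcn_subnets = ["10.0.0.0/24", "10.0.1.0/24", "172.16.0.0/16"]

    conflicts = find_overlaps(classic_ip_networks, vcn_subnets)
    for classic, vcn, shared in conflicts:
        print(f"CONFLICT: IP network {classic} overlaps VCN subnet {vcn} "
              f"(shared range {shared})")
    if not conflicts:
        print("No overlapping CIDRs; both sides can be routed over the VPN.")
```
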

The following table lists the comparable networking components required on each side of the connection.

Component      | Oracle Cloud Infrastructure Classic | Oracle Cloud Infrastructure
Cloud network  | IP network                          | VCN
Gateway        | VPNaaS gateway                      | Dynamic Routing Gateway (DRG)
Security rules | security rules                      | network security groups, security lists

Setting Up Site-to-Site VPN Between Your IP Network and VCN

The following flow chart shows the overall process of connecting your IP network and VCN with Site-to-Site VPN.

This flow chart shows the steps for connecting your IP network and VCN with VPN Connect.

Prerequisites:

You must already have:

Terminating the Connection

If you want to terminate the connection, delete the IPSec connection:

  1. Open the navigation menu and select Networking. Under Customer connectivity, select Site-to-Site VPN.

    A list of the IPSec connections in the compartment you're viewing is displayed. If you don't see the one you're looking for, verify that you're viewing the correct compartment (select from the list on the left side of the page).

  2. Select the IPSec connection you're interested in.
  3. Select Terminate.
  4. Confirm the deletion when prompted.

The IPSec connection is in the Terminating state for a short period while it's being deleted.