Oracle Cloud Infrastructure Documentation

Working with VPN Connect

This topic contains some details about working with VPN Connect and the related components. Also see these topics:


Avoid entering confidential information when assigning descriptions, tags, or friendly names to your cloud resources through the Oracle Cloud Infrastructure Console, API, or CLI.

Viewing Tunnel Status and Configuration

When you successfully create the IPSec connection, Oracle produces important configuration information for each of the resulting IPSec tunnels. For example, see task 2h in the overall setup process. You can view that information and the status of the tunnels at any time.

To view the status and configuration information for the IPSec tunnels

Changing the Static Routes

You can change the static routes for an existing IPSec connection. You can provide up to 10 static routes.


The IPSec connection goes down while it is reprovisioned with your static route changes.

To edit the static routes

Changing the CPE IKE Identifier That Oracle Uses

If your CPE is behind a NAT device, you might need to give Oracle your CPE IKE identifier. You can either specify it when you create the IPSec connection, or later edit the IPSec connection and change the value. Oracle expects the value to be an IP address or fully qualified domain name (FQDN). When you specify the value, you also specify which type it is.


The IPSec connection goes down while it is reprovisioned to use your CPE IKE identifier.

To change the CPE IKE identifier that Oracle uses

Disabling or Terminating the IPSec VPN

If you want to disable the IPSec VPN between your on-premises network and VCN, you can simply detach the DRG from the VCN instead of deleting the IPSec connection. If you're also using the DRG with FastConnect, detaching the DRG would also interrupt the flow of traffic over FastConnect.

You can delete the IPSec connection. However, if you later want to re-establish it, your network engineer would have to configure your on-premises router again with a new set of tunnel configuration information from Oracle.

If you want to permanently delete the entire IPSec VPN, you must first terminate the IPSec connection. Then you can delete the CPE object. If you're not using the DRG for another connection to your on-premises network, you can detach it from the VCN and then delete it.

To delete an IPSec connection
To delete a CPE object

Managing Tags for an IPSec Connection or CPE Object

You can apply tags to your resources to help you organize them according to your business needs. You can apply tags at the time you create a resource, or you can update the resource later with the desired tags. For general information about applying tags, see Resource Tags.

To manage tags for an IPSec connection
To manage tags for a CPE object

Managing Your DRG

For tasks related to DRGs, see Dynamic Routing Gateways (DRGs).