How to Create high-availability VPNs on Google cloud platform.

HA VPN is a high-availability (HA) Cloud VPN solution that lets you securely connect your on-premises network to your VPC network through an IPsec VPN connection in a single region. HA VPN provides an SLA of 99.99% service availability.

When you create an HA VPN gateway, Google Cloud automatically chooses two external IP addresses, one for each of its fixed number of two interfaces. Each IP address is automatically chosen from a unique address pool to support high availability. Each of the HA VPN gateway interfaces supports multiple tunnels. You can also create multiple HA VPN gateways.


  • Login to google cloud platform portal.
  • Click on Hybrid Connectivity.
  • Select VPN.


Fig 1


  • Click on Create VPN connection.


Fig 2


  • Select High-availability(HA)VPN.
  • Click on continue.


Fig. 3


  • Provide VPN gateway name.
  • Select Default or existing network.
  • Select Region.
  • Click on Create & Continue.


Fig. 4


  • Select Peer VPN gateway: Google Cloud or Non Google Cloud.
  • If Select On premise or Non Google Cloud then click on Choose Peer VPN gateway name or If select Google cloud then select project_name & provide VPN gateway name.


Fig. 5


  • Click on Create new peer VPN gateway.


Fig. 5


  • Provide Peer VPN gateway name.
  • Select Interfaces & provide IP address.
  • Click on Create.


Fig. 6



Fig. 7


  • Provide Router name & Google ASN (between 64512 – 65534, 4200000000 – 4294967294) that you are not using elsewhere in your network.
  • Click on Create.


Fig. 8


  • Then, provide name for the tunnel.
  • Select IKE version: IKEv1 or IKEv2(Default).
  • Click on Generate & Copy for IKE pre-shared Key.
  • Click on Create & continue.


Fig 9


  • Click on Configure BGP session.


Fig 10


  • Provide BGP session name.
  • Provide Peer ASN  configured for the peer VPN gateway.
  • Provide a value/number for route priority.
  • Provide Cloud Router BGP IP & BGP peer IP.
  • Click on Save & continue.

Fig 11


  • Click on Save BGP configuration.


Fig 12


  • To verify the configuration, go to the Summary and reminder page.
  • Check all the configuration & click OK.

Fig 13


  • After sometime VPN is ready then go to VPN  tunnel home page.
  • VPN tunnel is there with the name we provide.


Fig 14


Leave a Reply