
Authentication issue while setting up a tunnel between GCP VPN and Cisco ASA


I am trying to set up a VPN tunnel with a client who is using the Cisco ASA router based on IKEv2 configuration, with the IPSEC Tunnel mode as 'Policy Based'. I checked the logs of the GCP VPN tunnel and I have an issue with verifying the identity of the client. GCP Cloud VPN uses the public IP address of the client to verify the identity, but the client instead uses the FQDN as a standard to verify its identity. GCP expects the IP address from the client side, but instead it gets the FQDN, which results in a failure to set up the tunnel. Also, I read that GCP Cloud VPN does not support IKEv2 FQDN. Is it true? Has anyone used FQDN in the GCP VPN to verify the IKE identity? The client has a strict requirement to verify the identity only via FQDN.


Solution

  • GCP Cloud VPN does not support IKEv2 FQDN; the public IP address is used as the IKE identity.
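
The mismatch discussed in this thread is visible at the payload level: per RFC 7296 section 3.5, the IKEv2 ID payload starts with an ID Type octet (1 = ID_IPV4_ADDR, 2 = ID_FQDN). The following is an added example, not part of the original post and not Google's implementation; it parses an ID payload body and applies an IP-only identity check. The address 203.0.113.10, the name asa.example.com and the function names are constructed for illustration.

```python
import ipaddress

# IKEv2 ID Type values from RFC 7296, section 3.5
ID_TYPES = {1: "ID_IPV4_ADDR", 2: "ID_FQDN", 3: "ID_RFC822_ADDR",
            5: "ID_IPV6_ADDR", 9: "ID_DER_ASN1_DN",
            10: "ID_DER_ASN1_GN", 11: "ID_KEY_ID"}


def parse_id_payload(body: bytes):
    """Parse an ID payload body (the part after the generic payload header):
    1 octet ID Type, 3 reserved octets, then the identification data."""
    if len(body) < 4:
        raise ValueError("ID payload body shorter than 4 octets")
    id_type, data = body[0], body[4:]
    name = ID_TYPES.get(id_type, f"UNKNOWN({id_type})")
    if id_type == 1:
        value = str(ipaddress.IPv4Address(data))   # rejects data that is not 4 octets
    elif id_type == 5:
        value = str(ipaddress.IPv6Address(data))   # rejects data that is not 16 octets
    elif id_type in (2, 3):
        value = data.decode("ascii")               # FQDN / e-mail, no terminator
    else:
        value = data.hex()                         # DN, GN, key-id: opaque here
    return name, value


def check_peer_identity(body: bytes, expected_peer_ip: str):
    """Hypothetical check for a gateway that only accepts the peer's public
    IP address as its IKE identity. Returns (ok, reason)."""
    name, value = parse_id_payload(body)
    if name not in ("ID_IPV4_ADDR", "ID_IPV6_ADDR"):
        return False, f"peer sent {name} '{value}', expected an IP address identity"
    if ipaddress.ip_address(value) != ipaddress.ip_address(expected_peer_ip):
        return False, f"peer identity {value} does not match {expected_peer_ip}"
    return True, "identity matches"


# Constructed sample ID payload bodies (documentation address and domain).
PEER_IP = "203.0.113.10"
FQDN_ID = bytes([2, 0, 0, 0]) + b"asa.example.com"
IP_ID = bytes([1, 0, 0, 0]) + ipaddress.ip_address(PEER_IP).packed

if __name__ == "__main__":
    for label, body in (("FQDN identity", FQDN_ID), ("IP identity", IP_ID)):
        print(label, "->", check_peer_identity(body, PEER_IP))
```
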