Creating a VPN connection

Skytap Virtual Private Networks (VPNs) use the IPsec protocol suite to create a secure network tunnel between Skytap virtual networks and external networks, like your corporate network or a network from another cloud service provider.

For example, you can use a VPN to connect Skytap virtual environments to your corporate intranet; this would give your virtual data center access to corporate resources (such as databases, source repositories, and builds).

Your customer account can have up to 10 VPNs or Private Network Connections connected at the same time. If you need additional VPNs or Private Network Connections, contact your Skytap sales representative.


Before you begin

Before you begin, you’ll need:

  • An administrator account in Skytap.
  • The configuration parameters for the network appliance that Skytap needs to connect to.

    For example, to connect your Skytap account to your corporate network, you need configuration parameters for your corporate network endpoint device from your IT organization.

  • An unattached Skytap static public IP address.

    A static public IP address is used as the Skytap peer IP address for the VPN connection.

    For instructions, see Adding a static public IP address to your account.

    If you don’t have public IP addresses, contact your Skytap sales representative.

Creating and configuring a VPN

To create a VPN
  1. From the navigation bar, click Manage > WANs.

    Admin WANs

    The WANs page displays.

    WANS page

  2. Click New VPN. The New WAN page loads.

    New VPN

  3. Enter a Skytap static public IP address as the Skytap peer IP.
  4. Enter the remaining VPN configuration parameters based on the settings of the remote VPN endpoint to which you’re connecting.


    • The Phase 1 pre-shared key must be entered in plain text. If you later edit the Private Network, the current key isn't visible.
    • Double-quote characters (") aren't supported in pre-shared keys.
  5. To assign NAT IP addresses to any VMs connected to the VPN, select Apply NAT for connecting networks. This setting allows you to connect Skytap environments with overlapping IP addresses to the VPN. For more information, see Apply NAT for connecting networks in VPN configuration parameters.
  6. Enter the Skytap public IP address as the Remote peer IP on the external network VPN endpoint (for example, a network device on your corporate network). Depending on your level of access, your IT organization may need to do this for you.
  7. Click Save. The Details tab displays the details of the VPN you just created.
  8. Add at least one included Remote Subnet. Optionally, you can also add remote subnets to exclude. Included remote subnets can’t overlap with restricted subnets or the Skytap subnet defined in the VPN settings. For more information, see Remote Subnets settings.

    remote subnets

    1. Enter a subnet range in Remote Subnets.


      • The supported remote subnets are within the 3 to 32 bits range, as well as the default subnet
      • The remote VPN router must be configured to accept the default route.
      • Skytap supports route narrowing only for IKEv2 VPNs.
    2. Select include or exclude.
    3. Click Add.

  9. Test the VPN.
  10. Connect your Skytap networks to the VPN.

    You must attach a network with a running VM to establish a VPN connection, otherwise the VPN will be inactive.

  11. Click Enable to begin sending traffic through the VPN.


  12. (Optional) Add Private Network Access Controls to limit the users, groups, or departments that can attach environments to the VPN. For more information, see Configuring access to a VPN.