• Administrator overview
• Managing users and permissions
  • User roles and access permissions
  • Creating users
  • Editing users
  • Unlocking a user account
  • Resending a user activation link
  • Deleting or deactivating users
  • Using groups
  • Managing departments
  • Managing passwords and password policies
  • Setting account-wide access policies
  • Changing a resource owner
  • Using Single Sign-On (SSO)
    • Using Single Sign-on (SSO) with Azure Active Directory (AAD)
    • Configuring an ADFS claim rule for SSO
• Managing account-wide settings
  • Adding container registries
• Managing public IP addresses
• Managing WANs
  • Overview: VPNs
    • Creating a VPN
      • VPN configuration parameters
        • AWS VPC: VPN configuration example
        • Azure VPN: VPN configuration example
        • Cisco ASA: VPN configuration example
        • Cisco IOS: VPN configuration example
        • Juniper SRX: VPN configuration example
        • pfSense: VPN configuration example
        • strongSwan: VPN configuration example
  • Overview: Skytap on Azure ExpressRoute connections
    • Creating a Skytap on Azure ExpressRoute connection
    • Creating a customer-managed Skytap on Azure ExpressRoute connection
  • Testing the WAN
    • Troubleshooting VPN test failures
  • Connecting an environment network to a WAN
  • Configuring WAN access controls
  • Editing an existing WAN connection
  • Disable a WAN
• Managing Metered RAM and storage usage
  • How usage is calculated
  • Viewing current usage and enabling pay-as-you-go capacity
  • Reserved capacity for Skytap on Azure
  • Reserved capacity for Skytap on IBM Cloud
  • Setting usage limits
  • Setting up notifications
  • VM pinning
• Reporting overview
  • Viewing and exporting user information
  • Viewing and exporting group information
  • Generating department reports
  • Generating audit reports
    • Configuring the webhook service for audit data
  • Viewing usage data
    • Using labels for in-depth reporting
    • Creating usage label categories
    • Configuring the webhook service for usage data
  • Enabling other users to generate reports
• Security best practices
• Other best practices
• Sharing templates with users in other Skytap accounts
• Finding the source environment from a sharing portal URL
• Including your logo in the Skytap interface

AWS VPC: VPN configuration example

This page provides more specific values for configuring a VPN connection between Skytap and an AWS VPC. It contains sample VPN configuration parameters to enter on the Skytap VPN page, as well as the configuration values to enter in your AWS account.

For general information about the configuration process for each side of the VPN connection, first see:

• Creating a VPN connection to your Skytap account.
• Setting Up an AWS VPN Connection.

Sample VPN configuration

In your AWS account:

1. Follow the instructions at Setting Up an AWS VPN Connection.

   • Use the following values for the Customer Gateway,

     • Routing: Static
     • IP address: Enter the static public IP address that is (or will be) associated with your Skytap VPN. This is either automatically assigned when you click Create VPN in Skytap, or you can manually select from the available static public IP addresses in your Skytap account.

   • Use the following values for the VPN connection:

     • Routing option: Static
     • Static IP prefixes: Enter the subnet range for the IP addresses you want to access in your Skytap account. This value must match the Skytap subnet range defined in your Skytap VPN configuration.
2. Download the VPN configuration file. This contains the pre-shared key you’ll need to enter in the Skytap VPN configuration page.
3. Note the Outside IP Address from the Tunnel Details tab for the VPN connection. This is the Remote Peer IP value for the Skytap VPN configuration.

4. Edit your Route Tables and Security Groups to allow traffic from the VPN connection you set up. For example:

   1. Create a Route and set the following values:

      • Destination: One of the Skytap subnet ranges defined in the VPN Static IP prefixes field of the VPN connection.
      • Target: The AWS Virtual Private Gateway you created earlier.

   2. Create a Security Group and allows incoming traffic over all ports for IP addresses in the Skytap subnet ranges.

   Traffic can't flow through the VPN unless it's explicitly allowed.

Skytap VPN configuration

Parameters to enter on your Skytap VPN page:

Parameter Name	Value to enter
Name	Name for your Skytap VPN Example: aws-us-east-1-vpn
Remote Peer IP	Enter the Outside IP Address from the Tunnel Details tab of the AWS VPN connection.
Region	N/A. This is automatically populated when you select a public IP address for the Skytap peer IP field (see below). Example: US-East-2
Skytap peer IP	An available public IP address in your Skytap account in the same region as the VMs you want to connect to. Example: 199.199.199.199 This value is entered in the IP address field of the Remote Gateway in your AWS account.
Skytap subnet	The range of VM IP addresses in Skytap that sends and receives traffic through this VPN. This can’t overlap with the included remote subnets defined below and must match the value in the Static IP prefixes field of the AWS VPN connection. You can specify the default route (0.0.0.0/0) for either the remote subnet or the local subnet. You can’t use 0.0.0.0/0 for both local and remote subnets.
Apply NAT for Connected Networks	Either YES or NO, depending on your configuration and needs. See Editing the network NAT subnet for details about configuring NAT subnets.
Topology	Route-based
Phase 1 Encryption Algorithm	aes 256
Phase 1 Hash Algorithm	sha1
Phase 1 pre-shared Key	[SHARED SECRET KEY] This must match the pre-shared key in the VPN configuration file you downloaded from AWS.
Phase 1 SA lifetime	28800
Phase 1 DH group	modp1536
Phase 2 encryption algorithm	aes 256
Phase 2 authentication algorithm	hmac_sha1
Phase 2 perfect forward secrecy (PFS)	YES
Phase 2 PFS group	modp1536
Phase 2 SA lifetime	3600
SA policy level	require
Specify maximum segment size	YES
Maximum segment size	1379
Dead peer detection	ON
Included remote subnets	Enter the IP addresses and subnets on your AWS VPC that will send and receive traffic through this VPN. Example: 10.1.15.0/24 The subnets should be based on the traffic allowed by your AWS Route Tables and Security Groups. You can specify the default route (0.0.0.0/0) for either the remote subnet or the local subnet. You can’t use 0.0.0.0/0 for both local and remote subnets.
Excluded remote subnets	Subset of IP addresses and subnets on the AWS VPC that should be excluded from using the VPN tunnel. This is used only to define exclusions for VPN traffic from larger included remote subnets (defined above). Example: 10.1.15.17/32