
Establish VPN Connectivity

Create VPN

 

A VPN configuration uses an IPSec tunnel and an associated BGP to allow a remote site to receive traffic originating from clouds connected to the data interfaces of your virtual device. You can enable VPN only for Equinix-Configured devices.

 

Refer to Network Edge VPN tunnels and sites for more information.

 

To create a VPN you must have:

 

   1) A provisioned virtual device with a registered license and access control lists (ACLs). Call Get Virtual Devices to check the status of your devices and find the virtualDeviceUuid.

   2) If you have a redundant device, you must also provide secondary VPN details.

 

If you have the above, you can skip ahead to Step 3 and create a VPN. Otherwise, follow the steps below.

Step 1: Authenticate

Submit your user credentials, Client ID, and Client Secret for OAuth2 authentication.

 

Refer to Generating a Client ID and Client Secret key under the Getting Started section for instructions on how to create a Client ID and Client Secret. Refer to Requesting Access and Refresh tokens for instructions on how to call the OAuth API to validate and authenticate your credentials.

 

If you are unaware of your user credentials for Network Edge, contact your local Equinix Service Desk. 

Step 2: Create/Get Virtual Devices

a) To create a virtual device, please follow these steps

b) To check the status of your virtual device, call Get Virtual Device {uuid} API or Get Virtual Devices API.

 

You may skip the above step if you have a provisioned device with a registered license.

Step 3: Create VPN

POST /ne/v1/vpn

 Method  POST
 URL or End Point  /ne/v1/vpn
 Headers  Authorization, Content-Type
 Query Parameters  Not applicable
 Body Parameters  siteName, virtualDeviceUuid, configName, peerIp, peerSharedKey, remoteAsn, remoteIpAddress, password, localAsn, tunnelIp, useNetworkServiceConnection, secondary {configName, peerIp, peerSharedKey, remoteAsn, remoteIpAddress, password, localAsn, tunnelIp}

 

To obtain an authorization key, refer to Requesting Access and Refresh tokens under the Getting Started section.

 

Sample curl request to create VPN configuration for a single device. 

 

curl -X POST "https://api.equinix.com/ne/v1/vpn" \
  -H "Authorization: Bearer 4P8uH5ZWsgH4qlovBrFZG4Hzpp2V" \
  -H "Content-Type: application/json" \
  -d '{
  "siteName": "Chicago",
  "virtualDeviceUuid": "8c2845e5-be83-4561-ba2b-a53a7e4cf5ec",
  "configName": "Traffic from AWS cloud",
  "peerIp": "110.11.12.222",
  "peerSharedKey": "5bb2424e888bd",
  "remoteAsn": 65413,
  "remoteIpAddress": "100.210.1.31",
  "password": "pass123SROY",
  "localAsn": 65414,
  "tunnelIp": "192.168.7.2/30",
  "useNetworkServiceConnection": false
}'

 

Sample curl request to create VPN configuration for a redundant device. 

 

curl -X POST "https://api.equinix.com/ne/v1/vpn" \
  -H "Authorization: Bearer 4P8uH5ZWsgH4qlovBrFZG4Hzpp2V" \
  -H "Content-Type: application/json" \
  -d '{
  "siteName": "Chicago",
  "virtualDeviceUuid": "8c2845e5-be83-4561-ba2b-a53a7e4cf5ec",
  "configName": "Traffic from AWS cloud",
  "peerIp": "110.11.12.222",
  "peerSharedKey": "5bb2424e888bd",
  "remoteAsn": 65413,
  "remoteIpAddress": "100.210.1.31",
  "password": "pass123SROY",
  "localAsn": 65414,
  "tunnelIp": "192.168.7.2/30",
  "useNetworkServiceConnection": false,
  "secondary": {
    "configName": "Traffic from AWS cloud-SROY",
    "peerIp": "110.11.12.222",
    "peerSharedKey": "5bb2424e888bd",
    "remoteAsn": 65413,
    "remoteIpAddress": "100.210.1.31",
    "password": "pass123SROY",
    "localAsn": 65414,
    "tunnelIp": "192.168.7.2/30"
  }
}'

 

Description of request body parameters:

 

| Body Parameter Name | Mandatory | Type | Example | Applicable Values | Description |
| --- | --- | --- | --- | --- | --- |
| siteName | Yes | string | Chicago | | Your remote siteName. This must be unique and between 2 and 10 alphanumeric characters long with no spaces. |
| virtualDeviceUuid | Yes | string | f79eead8-b837-41d3-9095-9b15c2c4996d | | Unique Id of the virtual device. This must be 36 characters long. |
| configName | Yes | string | Traffic from AWS cloud | | Description of the VPN. This must be between 3 and 50 characters. In case you have a redundant device, you must provide a secondary config name. |
| peerIp | Yes | string | 100.210.1.221 | | IP Address of the remote site to which you are connecting (this is on the customer side). You must provide a unique peer IP address for every VPN between a virtual device and the remote site. |
| peerSharedKey | Yes | string | 10013 | | Pre-shared key for VPN. |
| remoteAsn | Yes | string | 10023 | | Remote ASN (autonomous system number). Remote ASN and local ASN cannot be the same. You cannot use the following reserved ASN numbers: 0, 23456, 64496-64511, 65535, 65552-131071, 4294967295. |
| remoteIpAddress | Yes | string | 100.210.1.31 | | Remote IP address to establish BGP peering (this is on the customer side). |
| password | No | string | pass123SROY | | Password for BGP peering. This must not start with a number, must be between 4 and 25 characters long, and contain only alphanumeric characters. |
| localAsn | Yes | integer | 65414 | | Local ASN (autonomous system number) of Equinix site. Remote and local ASN cannot be the same. You cannot use the following reserved ASN numbers: 0, 23456, 64496-64511, 65535, 65552-131071, 4294967295. |
| tunnelIp | Yes | string | 192.168.7.2/30 | | Local tunnel IP in CIDR format. |
| useNetworkServiceConnection | Yes | boolean | false | | Whether this VPN should use the existing network service connection. You should set this value to true only if you have an existing network service connection on your device. |
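The constraints in the table above can be checked locally before the POST is sent. The following is an added example, not Equinix code: the function names are hypothetical, peerSharedKey is not checked because the page states no format for it, and the uniqueness rules for siteName and peerIp are left to the API.

```python
import ipaddress
import re

# Reserved ASN values and ranges from the parameter table (inclusive bounds).
RESERVED_ASNS = [(0, 0), (23456, 23456), (64496, 64511), (65535, 65535),
                 (65552, 131071), (4294967295, 4294967295)]

def _is_ip(value, cidr=False):
    """True for a bare IP address, or for address/prefix when cidr=True."""
    try:
        parse = ipaddress.ip_interface if cidr else ipaddress.ip_address
        return ("/" in value) == cidr and parse(value) is not None
    except (TypeError, ValueError):
        return False

def _tunnel_errors(cfg, prefix=""):
    """Checks shared by the top-level body and the 'secondary' object."""
    errs = []
    if not 3 <= len(str(cfg.get("configName", ""))) <= 50:
        errs.append(f"{prefix}configName: must be 3-50 characters")
    for name in ("remoteAsn", "localAsn"):
        value = str(cfg.get(name, ""))  # table types one as string, one as integer
        if not value.isdecimal():
            errs.append(f"{prefix}{name}: not a number")
        elif any(lo <= int(value) <= hi for lo, hi in RESERVED_ASNS):
            errs.append(f"{prefix}{name}: {value} is a reserved ASN")
    if str(cfg.get("remoteAsn")) == str(cfg.get("localAsn")):
        errs.append(f"{prefix}remoteAsn and localAsn cannot be the same")
    pw = cfg.get("password")  # optional field
    if pw is not None and not re.fullmatch(r"[A-Za-z][A-Za-z0-9]{3,24}", str(pw)):
        errs.append(f"{prefix}password: 4-25 alphanumeric, not starting with a number")
    for name in ("peerIp", "remoteIpAddress", "tunnelIp"):
        if not _is_ip(cfg.get(name), cidr=(name == "tunnelIp")):
            errs.append(f"{prefix}{name}: not a valid address")
    return errs

def validate_vpn_body(body):
    """Return a list of constraint violations; an empty list means none found."""
    errs = []
    if not re.fullmatch(r"[A-Za-z0-9]{2,10}", str(body.get("siteName", ""))):
        errs.append("siteName: must be 2-10 alphanumeric characters, no spaces")
    if len(str(body.get("virtualDeviceUuid", ""))) != 36:
        errs.append("virtualDeviceUuid: must be 36 characters long")
    errs += _tunnel_errors(body)
    if "secondary" in body:
        errs += _tunnel_errors(body["secondary"], "secondary.")
    return errs
```

Pass the parsed JSON body to validate_vpn_body before sending it; an empty list means the body meets the constraints documented in the table.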

 

Sample VPN configuration response for a single device.

 

{
    "vpnUuid": "eb26b601-02cc-4473-b1ee-3e2d4d847315"
}

 

Sample VPN configuration response for a redundant device.

 

{
    "secondaryVpnUuid": "991b775a-16ec-4f2e-b861-8ab93a39902a",
    "vpnUuid": "eb26b601-02cc-4473-b1ee-3e2d4d847315"
}

 

Description of the response payload:

 

| Field | Type | Example Values | Description |
| --- | --- | --- | --- |
| vpnUuid | string | 991b775a-16ec-4f2e-b861-8ab93a39902a | Unique Id of the VPN on the primary device. |
| secondaryVpnUuid | string | eb26b601-02cc-4473-b1ee-3e2d4d847315 | Unique Id of the VPN on the secondary device. |

 

After you create a VPN configuration, you can check the status of your VPN by calling Get VPN.

 

| Possible VPN status | Description |
| --- | --- |
| PROVISIONING | VPN is provisioning. |
| PROVISIONED | VPN is provisioned. |
| FAILED | VPN provisioning failed. |
| DEPROVISIONING | VPN is de-provisioning. |
| DEPROVISIONED | VPN is de-provisioned. |

 

VPN tunnel status is either UP or DOWN.

 

 

If you get an “Access Denied” error, contact your local Equinix Service Desk for Portal access.