Site-to-site VPN

A knowledge base article about Site-to-site VPN provided by the UC Berkeley IT Service Hub - Knowledge Portal

Watch our quick video comments:  https://youtu.be/evU6ff27amM

The Site-to-Site VPN (Virtual Private Network) service provides a permanent encrypted tunnel between the user's network and a remote site, typically a third party such as an integration vendor or cloud services provider. This service is available from any bSecure firewall instance currently offered at the following locations:

Participation in the Site-to-Site VPN service requires compliance with the following configuration standards:

  1. Endpoint and tunnel addresses must be publicly routable IP addresses (no RFC1918).
  2. Remote networks (not the UC Berkeley side) must meet one of the following two conditions:
    1. Be publicly routable (no RFC1918)
    2. Be RFC1918 10.0.0.0/8 address space allocated by UC Berkeley DNS administrators
  3. The site-to-site VPN service does not support 172.16.0.0/12 or 192.168.0.0/16 RFC1918 networks. If the remote side of the tunnel uses any RFC1918 addresses not allocated by UC Berkeley DNS, it must use NAT to translate them to a supported address standard.
  4. The bSecure Site-to-Site VPN service makes use of policy-based forwarding, which is the use of firewall policy to direct traffic.
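
A pre-submission check of a proposed tunnel against the addressing standards above, as an added example that is not UC Berkeley tooling. It treats "publicly routable" as "not RFC1918" as the list does, handles IPv4 only, and takes the UC Berkeley-allocated 10.0.0.0/8 blocks as a hypothetical `allocated` parameter; all addresses are constructed samples.

```python
import ipaddress

# RFC 1918 blocks named in the configuration standards.
NET_10 = ipaddress.IPv4Network("10.0.0.0/8")
UNSUPPORTED = (ipaddress.IPv4Network("172.16.0.0/12"),
               ipaddress.IPv4Network("192.168.0.0/16"))


def check_endpoint(addr):
    """Rule 1: the endpoint/tunnel address may not be RFC 1918."""
    ip = ipaddress.IPv4Address(addr)
    if ip in NET_10 or any(ip in n for n in UNSUPPORTED):
        return [f"{addr}: endpoint/tunnel address is RFC1918"]
    return []


def check_remote(cidr, allocated):
    """Rules 2-3: a remote network is public or UC Berkeley-allocated 10/8."""
    try:
        net = ipaddress.IPv4Network(cidr)  # strict: host bits must be zero
    except ValueError as exc:
        return [f"{cidr}: not a valid IPv4 network ({exc})"]
    # overlaps() also catches supernets that only partly cover a private block
    if any(net.overlaps(n) for n in UNSUPPORTED):
        return [f"{cidr}: unsupported RFC1918 range, NAT required"]
    if net.overlaps(NET_10):
        pools = [ipaddress.IPv4Network(a) for a in allocated]
        if not any(net.subnet_of(p) for p in pools):
            return [f"{cidr}: 10/8 space not allocated by UC Berkeley, NAT required"]
    return []


def validate_request(endpoint, remote_networks, allocated):
    """Return every rule violation in a tunnel request; empty means compliant."""
    problems = check_endpoint(endpoint)
    for cidr in remote_networks:
        problems += check_remote(cidr, allocated)
    return problems


# Constructed sample data: documentation ranges stand in for public addresses,
# and 10.20.0.0/16 is a made-up allocation, not a real UC Berkeley assignment.
ALLOCATED = ["10.20.0.0/16"]
if __name__ == "__main__":
    for p in validate_request("198.51.100.10",
                              ["203.0.113.0/24", "10.20.5.0/24",
                               "10.99.0.0/24", "192.168.1.0/24"], ALLOCATED):
        print(p)
```
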

If you are interested in using this service, complete the Site-to-Site VPN form in the Service Catalog, providing a description of the application requirements. We will contact you for a consultation.  

COST: There is no cost for this service.

Please do not order voice services on this form. Press 'Add to Cart' and then 'Continue Shopping' to add other services to this request.

For help in completing this form, click Field Entry Tips. For further assistance call CNS at 664-9000, option 2, 1, or email telecom@berkeley.edu.