1

After connecting my on-prem network to a GCP VPC using GCP VPN, can I access the resources in the GCP VPC from the on-prem network using the internal IP addresses of the resources?

If the answer is yes, does this apply to all VPNs in general?

I have searched this page for "internal" but found no clue - Cloud VPN overview

samshers

2 Answers

1

Yes, it's the principle of a VPN: bridge 2 networks, through the public internet, but with encrypted communication to keep the traffic secret.

Of course, there are limits and constraints: IP range overlap, routing, network announcement (BGP protocol if supported), firewalls, ...

guillaume blaquiere
  • A related question: does GCP peering (direct or carrier) provide access using internal IP? I think no. With peering, only public IP should be used. Is that correct? – samshers Mar 09 '22 at 03:13
  • If you mean how to establish a VPN peering with GCP, yes public IP is required. It makes no sense to create a VPN on a private connection (private IP). – guillaume blaquiere Mar 09 '22 at 08:39
  • Maybe it's misunderstood. For instance, let's forget VPN. When using GCP peering by itself (no VPN involved), can the on-prem and GCP resources communicate using internal IP? Asked another way, does GCP peering allow the use of internal IPs or not? – samshers Mar 09 '22 at 17:02
  • Yes and no!! If the peering is direct, yes you can. If there is an intermediary VPC in between (A peer B peer C), there is no transitivity, and it doesn't work (A can't reach C). – guillaume blaquiere Mar 09 '22 at 19:16
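The range-overlap and routing constraints named in the answer above can be checked before the tunnel is built. This is an added example, not code from the answer or from Google; the function name `preflight` and all address ranges are constructed for illustration, and firewall rules are not modelled.

```python
import ipaddress


def preflight(onprem_ranges, vpc_subnets, routes_to_tunnel, target_ip):
    """Return a list of problems that would stop an on-prem host from
    reaching target_ip (a VPC internal address) through the VPN tunnel.
    An empty list means no addressing or routing problem was found."""
    onprem = [ipaddress.ip_network(r) for r in onprem_ranges]
    vpc = [ipaddress.ip_network(r) for r in vpc_subnets]
    routes = [ipaddress.ip_network(r) for r in routes_to_tunnel]
    target = ipaddress.ip_address(target_ip)
    problems = []

    # IP range overlap: if both sides use the same addresses, a router
    # cannot tell whether the destination is local or across the tunnel.
    for a in onprem:
        for b in vpc:
            if a.version == b.version and a.overlaps(b):
                problems.append(f"overlap: on-prem {a} and VPC {b}")

    # The target has to be an internal address of the VPC in the first place.
    if not any(target in net for net in vpc):
        problems.append(f"{target} is not inside any VPC subnet")

    # Routing: the on-prem side needs a route (static, or learned through
    # BGP) that sends the target's prefix into the tunnel.
    if not any(target in net for net in routes):
        problems.append(f"no on-prem route sends {target} into the tunnel")

    return problems


# Constructed sample ranges, not taken from the question.
ONPREM = ["192.168.0.0/16", "10.10.0.0/16"]
VPC_OK = ["10.128.0.0/20"]
VPC_CLASH = ["10.10.4.0/24"]

if __name__ == "__main__":
    print(preflight(ONPREM, VPC_OK, ["10.128.0.0/20"], "10.128.0.5"))
    print(preflight(ONPREM, VPC_CLASH, ["10.10.4.0/24"], "10.10.4.7"))
    print(preflight(ONPREM, VPC_OK, [], "10.128.0.5"))
```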
1

Yes, you can access the GCP resources with internal IP addresses from the on-premises network.

There are 4 types of private access options. These private access options can be used to allow VM instances with internal IP addresses to communicate with certain APIs and services. To choose an option that supports the APIs and services that you need to access, refer to the documentation private-access-options. You can configure one or all of these options. They operate independently of each other.

The 4 types of private access options are:

  1. Private Google Access
  2. Private Google Access for on-prem hosts
  3. Private services access
  4. Serverless VPC Access

Private Google Access for on-prem hosts:

Private Google Access for on-prem hosts is used with on-prem hosts. Private Google Access for on-premises hosts is an alternative to connecting to Google APIs and services over the internet by routing traffic through a Cloud VPN tunnel or a Cloud Interconnect attachment (VLAN). Such on-prem hosts may or may not be configured with external IP addresses. You can use this option when you want to connect to Google APIs and services through a VPC network. When using Private Google Access for on-prem hosts, your on-prem hosts do not need to have external IP addresses assigned to them.

For more information refer to the documentation private google access for on-premises hosts.

  • A related question: does GCP peering (direct or carrier) provide access using internal IP? I think no. With peering, only public IP should be used. Is that correct? +1 – samshers Mar 09 '22 at 03:14