From 69256d818697c6d5157bb7b4fb8aa005fdeaac9e Mon Sep 17 00:00:00 2001 From: Rin Oliver Date: Thu, 21 May 2026 11:59:17 -0500 Subject: [PATCH 1/2] Fix stale GCP VPN doc claims (DI-570) - google-cloud-networking-setup: removed false claim that HA VPN is not supported; scoped the page to Classic VPN explicitly and added a link to the comprehensive HA VPN guide for users who need it - gcp-vpn-config-for-cisco-asaasav: fixed copy-paste error in the macstadium_outside_interface description, which incorrectly said "private network" instead of "outside interface" Co-Authored-By: Claude Sonnet 4.6 --- .../gcp-vpn-config-for-cisco-asaasav.mdx | 2 +- .../google-cloud-networking-setup.mdx | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/iaas/google-cloud-platform/gcp-vpn-config-for-cisco-asaasav.mdx b/iaas/google-cloud-platform/gcp-vpn-config-for-cisco-asaasav.mdx index 303fd04..abab69c 100644 --- a/iaas/google-cloud-platform/gcp-vpn-config-for-cisco-asaasav.mdx +++ b/iaas/google-cloud-platform/gcp-vpn-config-for-cisco-asaasav.mdx @@ -181,7 +181,7 @@ This is the IP address of the public network of your MacStadium private cloud. B **\{ macstadium_outside_interface }** -This is the name of the private network in MacStadium that needs to be accessed by GCP. By default, this is Outside. +This is the name of the outside interface of your Cisco ASA/ASAv device. By default, this is Outside. **\{ shared_key }** diff --git a/iaas/google-cloud-platform/google-cloud-networking-setup.mdx b/iaas/google-cloud-platform/google-cloud-networking-setup.mdx index e213d05..3947085 100644 --- a/iaas/google-cloud-platform/google-cloud-networking-setup.mdx +++ b/iaas/google-cloud-platform/google-cloud-networking-setup.mdx @@ -4,9 +4,11 @@ description: "To establish a stable, persistent connection between a Google Clou zendesk_id: 28300901563163 --- -To establish a stable, persistent connection between a Google Cloud Platform (GCP) private cloud and your MacStadium private cloud, you need to configure a policy-based IPsec site-to-site VPN between the two clouds. +To establish a stable, persistent connection between a Google Cloud Platform (GCP) private cloud and your MacStadium private cloud, you need to configure an IPsec site-to-site VPN between the two clouds. -Currently, you can create only a classic VPN connection with policy-based routing from GCP to MacStadium. It consists of one tunnel and one interface and does not provide high availability. For more information about this option, see [Google Cloud Documentation: Classic VPN](https://cloud.google.com/vpn/docs/how-to/choosing-a-vpn#classic-vpn). +This guide covers the Classic VPN connection with policy-based routing. It consists of one tunnel and one interface and does not provide high availability. For more information about this option, see [Google Cloud Documentation: Classic VPN](https://cloud.google.com/vpn/docs/how-to/choosing-a-vpn#classic-vpn). + +For HA VPN with BGP routing and high availability, see [Site-to-Site VPN Configuration with GCP](/iaas/google-cloud-platform/site-to-site-vpn-configuration-with-gcp). To create a site-to-site VPN from your GCP private cloud to your MacStadium private cloud, you need to go through the following high-level steps: @@ -41,8 +43,6 @@ If you don't have a classic VPN gateway that you want to use, complete the follo 3. Select Classic VPN and click Continue. - * The High-availability (HA) VPN is currently not supported as an option. For more information about the available options, see [Google Cloud Documentation: Choosing a VPN option](https://cloud.google.com/vpn/docs/how-to/choosing-a-vpn). - 4. In the Google Compute Engine VPN gateway section, provide Name and Description. 5. For Network, select the GCP network that needs to be able to access MacStadium. From d4c3ccb02fe4934e5825dfa05f394f1db791e96f Mon Sep 17 00:00:00 2001 From: Rin Oliver Date: Tue, 2 Jun 2026 11:29:14 -0500 Subject: [PATCH 2/2] Fix IKEv2 verify command in GCP VPN doc (DI-570) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The ASA config uses IKEv2 throughout — the correct verify command is `show crypto ikev2 sa`, not the IKEv1 `show crypto isakmp sa`. Updated the expected output description to match. Co-Authored-By: Claude Sonnet 4.6 --- iaas/google-cloud-platform/verify-gcp.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iaas/google-cloud-platform/verify-gcp.mdx b/iaas/google-cloud-platform/verify-gcp.mdx index f57ee18..46aaa8b 100644 --- a/iaas/google-cloud-platform/verify-gcp.mdx +++ b/iaas/google-cloud-platform/verify-gcp.mdx @@ -18,11 +18,11 @@ After you have completed both the Google Cloud Platform (GCP) and the MacStadium ``` -show crypto isakmp sa +show crypto ikev2 sa ``` -If the site-to-site VPN connection is configured properly, you should see information about an active IKEv1. +If the site-to-site VPN connection is configured properly, you should see information about an active IKEv2 security association. -For more information about this verification command, see [Cisco Documentation: show crypto isakmp sa](https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html#isakmp_sa). +For more information about this verification command, see [Cisco Documentation: show crypto ikev2 sa](https://www.cisco.com/c/en/us/td/docs/security/asa/asa-cli-reference/S/asa-command-ref-S/sh_cr-shcrip.html). ## Verify that there is an IPsec security association between peers