macstadium · celanthe · May 21, 2026 · Jun 2, 2026
diff --git a/iaas/google-cloud-platform/gcp-vpn-config-for-cisco-asaasav.mdx b/iaas/google-cloud-platform/gcp-vpn-config-for-cisco-asaasav.mdx
@@ -1,12 +1,12 @@
 ---
 title: "GCP VPN Config for Cisco ASA/ASAv"
 description: "Configure your Cisco ASA/ASAv for a GCP-MacStadium VPN using the provided template. Fill in GCP and MacStadium network values, then apply the config."
 zendesk_id: 28301505752219
 ---

 After you have created your site-to-site VPN connection in Google Cloud Platform (GCP), you need to configure your Cisco firewall to recognize the connection and let traffic into your MacStadium private cloud.

 You can use the configuration template provided below and fill in the missing information. You need to provide data from both GCP and MacStadium.

  1. Configuration template
  2. Fill in the configuration blanks 
@@ -21,7 +21,7 @@
 Unless you have extensive experience with GCP and ASA/ASAv configurations, use the configuration from the template. Otherwise, your site-to-site VPN might not work as expected.
 </Note>

 This is a template configuration that you can use to complete the setup of your GCP-MacStadium site-to-site VPN connection.


 ```
@@ -105,47 +105,47 @@
 ```
 ## Fill in the configuration blanks

 You need to manually replace the placeholders in the configuration template with the values for your GCP and MacStadium configurations.

 ### Get the configuration values

 **\{ gcp_network_address }**

 This is the IP address of the GCP local network that needs to have access to MacStadium.

  1. Verify that you're logged into the GCP console and you are working in the correct project.  
 ![GCP console project selector in the toolbar](/images/attachments/28306877053467.png)
  2. From the GCP console sidebar, scroll to the Networking section and select Hybrid Connectivity > VPN.  
 ![GCP sidebar with Hybrid Connectivity VPN option highlighted](/images/attachments/28306908828699.png)
  3. Select Cloud VPN Gateways.
  4. Locate the gateway used by your GCP-MacStadium tunnel and note the value for Region.  
 ![GCP Cloud VPN Gateways list showing gateway region and VPC network](/images/attachments/28306877069595.png)
  5. Click the value listed under VPC network. 
     * The GCP console redirects you to the list of subnets for the selected network.
  6. In the list of subnets, locate the one matching the region you noted in Step 4.
  7. From the respective IP address ranges field, use the IP address without the bit notation at the end (e.g. /16).



 **\{ gcp_network_mask }**

 This is the subnet mask the GCP local network that needs to have access to MacStadium.

  1. Verify that you're logged into the GCP console and you are working in the correct project.  
 ![GCP console project selector in the toolbar](/images/attachments/28307160832411.png)
  2. From the GCP console sidebar, scroll to the Networking section and select Hybrid Connectivity > VPN.  
 ![GCP sidebar with Hybrid Connectivity VPN option highlighted](/images/attachments/28307160835739.png)
  3. Select Cloud VPN Gateways.
  4. Locate the gateway used by your GCP-MacStadium tunnel and note the value for Region.  
 ![GCP Cloud VPN Gateways list showing gateway region and VPC network](/images/attachments/28307175450011.png)
  5. Click the value listed under VPC network. 
     * The GCP console redirects you to the list of subnets for the selected network.
  6. In the list of subnets, locate the one matching the region you noted in Step 4.
  7. From the respective IP address ranges field, use the bit notation at the end (e.g. /16) and convert it to a subnet mask. You can use a CIDR calculator such as this [CIDR/Netmask Lookup Tool](https://www.ultratools.com/tools/netMask).



 **\{ gcp_vpn_ip }**

 This is the public IP address of the cloud VPN gateway in GCP.

@@ -154,38 +154,38 @@
  2. From the GCP console sidebar, scroll to the Networking section and select Hybrid Connectivity > VPN.  
 ![GCP sidebar with Hybrid Connectivity VPN option highlighted](/images/attachments/28307160848411.png)
  3. Select Cloud VPN Gateways.
  4. Locate the gateway used by your GCP-MacStadium tunnel and use the value listed under IP address.  
 ![GCP Cloud VPN Gateways list showing gateway IP address field](/images/attachments/28307175460891.png)



 **\{ macstadium_network_name }**

 This is the name of the private network in MacStadium that needs to be accessed by GCP. By default, this is Private-1.

  * You can find the information about your private network in Appendix A of the [IP Plan](/macstadium/macstadium-overview/ip-plan).



 **\{ macstadium_network_address }**

 This is the IP address of the private network in MacStadium that needs to be accessed by GCP. By default, this is Private-1.

 **\{ macstadium_network_mask }**

 This is the subnet mask of the private network in MacStadium that needs to be accessed by GCP. By default, this is Private-1.

 **\{ macstadium_public_ip }**

 This is the IP address of the public network of your MacStadium private cloud. By default, this is FW1-Outside.
 
 **\{ macstadium_outside_interface }**
 
-This is the name of the private network in MacStadium that needs to be accessed by GCP. By default, this is Outside.
+This is the name of the outside interface of your Cisco ASA/ASAv device. By default, this is Outside.
 
 **\{ shared_key }**
 
 This is the IPSec pre-shared key used when creating the VPN connection in GCP. You must have this key saved separately.

 ## Complete the template

@@ -198,3 +198,3 @@

 ## Next steps


diff --git a/iaas/google-cloud-platform/google-cloud-networking-setup.mdx b/iaas/google-cloud-platform/google-cloud-networking-setup.mdx
@@ -1,14 +1,16 @@
 ---
 title: "Google Cloud Networking Setup"
 description: "To establish a stable, persistent connection between a Google Cloud Platform (GCP) private cloud and your MacStadium private cloud, you need to configure."
 zendesk_id: 28300901563163
 ---
 
-To establish a stable, persistent connection between a Google Cloud Platform (GCP) private cloud and your MacStadium private cloud, you need to configure a policy-based IPsec site-to-site VPN between the two clouds.
+To establish a stable, persistent connection between a Google Cloud Platform (GCP) private cloud and your MacStadium private cloud, you need to configure an IPsec site-to-site VPN between the two clouds.
 
-Currently, you can create only a classic VPN connection with policy-based routing from GCP to MacStadium. It consists of one tunnel and one interface and does not provide high availability. For more information about this option, see [Google Cloud Documentation: Classic VPN](https://cloud.google.com/vpn/docs/how-to/choosing-a-vpn#classic-vpn).
+This guide covers the Classic VPN connection with policy-based routing. It consists of one tunnel and one interface and does not provide high availability. For more information about this option, see [Google Cloud Documentation: Classic VPN](https://cloud.google.com/vpn/docs/how-to/choosing-a-vpn#classic-vpn).
+
+For HA VPN with BGP routing and high availability, see [Site-to-Site VPN Configuration with GCP](/iaas/google-cloud-platform/site-to-site-vpn-configuration-with-gcp).
 
 To create a site-to-site VPN from your GCP private cloud to your MacStadium private cloud, you need to go through the following high-level steps:
 
  1. Log into GCP
  2. Create the VPN connection
@@ -35,17 +37,15 @@

 If you don't have a classic VPN gateway that you want to use, complete the following steps.

  1. If you don't have any VPNs created yet, click Create VPN connection.

  2. If you have one or more VPNs created, click + VPN SETUP WIZARD.
 
   3. Select Classic VPN and click Continue.
 
-     * The High-availability (HA) VPN is currently not supported as an option. For more information about the available options, see [Google Cloud Documentation: Choosing a VPN option](https://cloud.google.com/vpn/docs/how-to/choosing-a-vpn).
-
   4. In the Google Compute Engine VPN gateway section, provide Name and Description.
 
   5. For Network, select the GCP network that needs to be able to access MacStadium.

  6. Select Region.

@@ -53,7 +53,7 @@

  7. Select or create a reserved IP address for the connection.

     * You will need this IP address when you configure the MacStadium side of the tunnel.

  8. In the Tunnels section, provide Name and Description.

@@ -75,12 +75,12 @@

     * By default, this is the Private-1 network.

     * For more information about CIDR notations, see [Understanding IP Addresses, Subnets, and CIDR Notation for Networking](https://www.digitalocean.com/community/tutorials/understanding-ip-addresses-subnets-and-cidr-notation-for-networking#cidr-notation). You can also use a CIDR calculator such as this [CIDR/Netmask Lookup Tool](https://www.ultratools.com/tools/netMask).

  14. (Optional) Select one or more GCP subnetworks to reduce latency between your GCP private cloud and your MacStadium private cloud.

     * For more information, see [Google Cloud Documentation: Networks and subnets](https://cloud.google.com/vpc/docs/vpc#vpc_networks_and_subnets).
  15. (Optional) Provide one or more IP ranges within your GCP local network that needs to access MacStadium.

  16. Click Done.

@@ -131,12 +131,12 @@

     * By default, this is the Private-1 network.

     * For more information about CIDR notations, see [Understanding IP Addresses, Subnets, and CIDR Notation for Networking](https://www.digitalocean.com/community/tutorials/understanding-ip-addresses-subnets-and-cidr-notation-for-networking#cidr-notation). You can also use a CIDR calculator such as this [CIDR/Netmask Lookup Tool](https://www.ultratools.com/tools/netMask).

  10. (Optional) Select one or more GCP subnetworks to reduce latency between your GCP private cloud and your MacStadium private cloud.

     * For more information, see [Google Cloud Documentation: Networks and subnets](https://cloud.google.com/vpc/docs/vpc#vpc_networks_and_subnets).
  11. (Optional) Provide one or more IP ranges within your GCP local network that needs to access MacStadium.

  12. Click Create.

@@ -153,7 +153,7 @@

 ## Ensure that the GCP firewall allows ingress traffic

 Based on your requirements, you might need to enable ingress traffic from MacStadium to GCP in the GCP firewall. For more information, see [Google Cloud Documentation: Configuring firewall rules > Example configurations](https://cloud.google.com/vpn/docs/how-to/configuring-firewall-rules#example_configurations).

 ## Next steps


diff --git a/iaas/google-cloud-platform/verify-gcp.mdx b/iaas/google-cloud-platform/verify-gcp.mdx
@@ -1,12 +1,12 @@
 ---
 title: "Verify your GCP-to-MacStadium VPN connection"
 description: "Verify a GCP-MacStadium VPN using the Cisco ASDM-IDM CLI. Checks ISAKMP security associations to confirm the tunnel is active after configuration."
 zendesk_id: 28298738716699
 ---

 After you have completed both the Google Cloud Platform (GCP) and the MacStadium sides of the configuration, you might want to verify that the tunnel is working as expected.

  1. Verify that you are connected via VPN to your MacStadium private cloud. 
     * For more information about how to connect to the VPN, see [Connecting to Your Cloud via VPN](/remote-desktop-vdi/cloud-access-legacy/connect-to-your-cloud-via-vpn).
  2. Run Cisco ASDM-IDM and log in. 
     * For more information about how to log in to your firewall, see [Logging into Cisco Firewall](/iaas/cisco-firewalls/logging-into-cisco-firewall).
@@ -18,15 +18,15 @@
 
 
 ```
-show crypto isakmp sa
+show crypto ikev2 sa
 ```
-If the site-to-site VPN connection is configured properly, you should see information about an active IKEv1.
+If the site-to-site VPN connection is configured properly, you should see information about an active IKEv2 security association.
 
-For more information about this verification command, see [Cisco Documentation: show crypto isakmp sa](https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html#isakmp_sa).
+For more information about this verification command, see [Cisco Documentation: show crypto ikev2 sa](https://www.cisco.com/c/en/us/td/docs/security/asa/asa-cli-reference/S/asa-command-ref-S/sh_cr-shcrip.html).
 
 ## Verify that there is an IPsec security association between peers
 
  1. Verify that you are connected via VPN to your MacStadium private cloud. 
     * For more information about how to connect to the VPN, see [Connecting to Your Cloud via VPN](/remote-desktop-vdi/cloud-access-legacy/connect-to-your-cloud-via-vpn).
  2. Run Cisco ASDM-IDM and log in. 
     * For more information about how to log in to your firewall, see [Logging into Cisco Firewall](/iaas/cisco-firewalls/logging-into-cisco-firewall).
@@ -42,24 +42,24 @@
 ```
 If the site-to-site VPN connection is configured properly, you should see a detailed log.

 For more information about this verification command, see [Cisco Documentation: show crypto ipsec sa](https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html#ipsec_sa).

 ## Verify that the tunnel is connected

  1. Log in to your GCP console.
  2. From the GCP console sidebar, scroll to the Networking section and select **Hybrid Connectivity > VPN**.  
 ![GCP Hybrid Connectivity VPN navigation in sidebar](/images/attachments/28298738704027.png)
  3. On the Cloud VPN Tunnels tab, locate the tunnel to MacStadium and check the value for VPN tunnel status. When your tunnel is properly connected, the status is: Established.  
 ![GCP Cloud VPN Tunnels tab showing tunnel status as Established](/images/attachments/28298743716635.png)



 ## Test traffic and visibility through the tunnel

  1. Verify that you have created a virtual machine in MacStadium.
  2. Verify that you have created a virtual machine instance in GCP and that you have enabled user login on it. 
     * For more information about user login on GCP instances, see [Google Cloud Documentation: Setting up and configuring OS Login](https://cloud.google.com/compute/docs/instances/managing-instance-access).
  3. In the terminal on your MacStadium VM, run the following command. 
     * Replace `<user>` with the username for your GCP instance.
     * Replace `<gcp-vm-ip>` with the private IP of the GCP instance. 

@@ -67,18 +67,18 @@
       ssh <user>@<gcp-vm-ip>
 ```
  4. When prompted, provide your password or key for the specified username on the specified GCP instance. 
     * If the connection is successful, the prefix of the terminal becomes `<user>`@`<gcp-vm-ip>`. This indicates that you have connected from MacStadium to GCP over the tunnel.
  5. Run the following command. 
     * Replace `<user>` with the username for your MacStadium VM.
     * Replace `<macstadium-vm-ip>` with the private IP of the MacStadium VM. 

 ```
       ssh <user>@<macstadium-vm-ip>
 ```
  6. When prompted, provide your password or key for the specified username on the specified MacStadium VM. 
     * If the connection is successful, the prefix of the terminal becomes `<user>`@`<macstadium-vm-ip>`. This indicates that you have connected from GCP to MacStadium over the tunnel.



 ## Troubleshooting