We already imported and secured our users - they able to connect to the Ecosystem. To meet the assumptions of the “Work from Anywhere” idea, it is necessary to provide users with access to the data center and internal services. For this purpose, we will connect the data center with the Ecosystem.
To complete this procedure you should:
For maximum flexibility Acreto offers three options to connect your datacenters and applications
This checklist includes information to connect Acreto to your internal Datacenter for private application access
Acreto Virtual Gateway method behind datacenter Firewall:
This checklist includes information to connect Acreto to your internal Datacenter using the existing firewall/VPN gateway
Using the checklist above connect Acreto your Datacenters to Acreto via IPSEC (vGateway or existing HW). The below procedure shows how to do it using the Raspberry device as a vGateway.
It’s not the only method to reach the goal, other possibilities have been described here. As an alternative, you may use your existing branch office equipment such as your existing Cisco router, or existing firewall.
The following procedure is a summary of Linux - Automatic IPsec Configuration article - which you may want to ready if you want to know more.
To connect your Datacenter/Branch Office to Acreto:
192.168.200.1/241. Local Networks: - your local network addresses that should be routed through this gateway
To simplify testing, add IP addresses of all interfaces connected to your gateway as Local Networks (you can use /32 prefix for public interface). This will allow testing connectivity from the gateway through Acreto using ping, traceroute, and similar tools.
To successfully test your connectivity, you also need to create a security policy that will allow traffic to go through your device.
To proceed with this step you should have at last one Gateway configured as vGateway in your Ecosystem. From the left menu choose Objects > Gateways to display the list of existing gateways.
To generate an image with the configuration for Raspberry Pi you need to:
To proceed with this step you need to have an image file generated by Acreto or URL to the image for your vGateway.
To install the image we need to proceed with flashing the SD card.
Click on the button and save the script in your home directory:Get write_image.sh
or open the terminal and download the script using the command:
Take your SD card from your Raspberry device
Put your SD card into your computer
write_image.sh script to write the image to SD card
if you have an image file downloaded locally:
./write_image.sh image-file.zip /dev/sdb
if you have want to use the URL of an image directly::
./write_image.sh https://aws1-vgateway-images.s3.amazonaws.com/vgateway-raspberry-pi4.s.nAH2xOL8HyJIK1g8v4HEsNCt.img.zip /dev/sdb
/dev/sdb is the location of your SD card
Once finished, plug the SD card into your device and log in as:
Change your password after the first login
Test the network connectivity
IPsec status showing the tunnel status
Traceroute to check if the traffic goes through Acreto Ecosystem
More information about checking the connectivity can be found under Connectivity Check article where a dedicated tool is available.