Google cloud gateway

https://cloud.google.com/compute/docs/vpn/advanced

https://cloud.google.com/files/CloudVPNGuide-UsingCloudVPNwithCiscoASA.pdf

 

heres a (final/working) config in case anyone else wants to do this:

===================

crypto ikev2 proposal gcp-ikev2-proposal-1

encryption aes-cbc-128 aes-cbc-192 aes-cbc-256

integrity sha1 sha256 sha384 sha512

group 2 5 14 15 16

!

crypto ikev2 policy gcp-ikev2-policy-1

match fvrf any

proposal gcp-ikev2-proposal-1

!

crypto ikev2 profile gcp-ikev2-profile-1

match identity remote address gcp.gcp.gcp.gcp 255.255.255.255

identity local address me.me.me.me

authentication remote pre-share key xxxxxxxxxxxx

authentication local pre-share key xxxxxxxxxxxx

lifetime 10800

!

crypto ipsec transform-set gcp-tset-1 esp-aes esp-sha-hmac

mode tunnel

!

crypto ipsec profile gcp-ipsec-profile-1

set transform-set gcp-tset-1

set pfs group14

set ikev2-profile gcp-ikev2-profile-1

!

interface Tunnel0

ip address 169.254.0.2 255.255.255.252

tunnel source me.me.me.me

tunnel mode ipsec ipv4

tunnel destination gcp.gcp.gcp.gcp

tunnel protection ipsec profile gcp-ipsec-profile-1

!

===================

And then configure BGP or maybe static routes as required.

After adding in the Tunnel0 interface config it just started working

straight away. So I guess my config was right all along, its just some

other aspect of IPSEC that wasnt happy with something missing… Yay

misleading debug output. :-/

Hope that helps someone else.

Tom