I have created a Classic VPN tunnel with policy-based routing; in the network field I defined the VPC network, and in the local IP network field I defined the VM public IP/32.
However, I have allowed the ICMP rule with the public IP as target and source 0.0.0.0; from other networks I am able to ping that public IP while the rule is enabled, but not from the remote network.
Please can you advise if I am missing anything?
@Gcp @VannGuce
Hi @pankajj884 ,
Welcome to Google Cloud Community!
Cloud VPN Tunnel connects your VPC network to your on-premises network. This allows your VPC’s internal IP addresses (private IP addresses) to communicate privately with your on-premises network’s internal IP addresses, as both networks are interconnected. Assigning a public IP address to your VM instance exposes it to the internet. Therefore, with an internet connection and proper firewall configuration on your on-premises network, you can ping your VM instance.
You have stated that the firewall rule has been implemented (0.0.0.0/0). Ideally, you have to configure firewall rules (allow ICMP) for inbound and outbound traffic for both networks. Ensure the source network in this inbound rule is set to your on-premises network’s IP address range. The target network should be the VPN gateway’s IP address.
The example provided shows VM public IP (192.0.0.0), remote network (10.0.0.0/24) and VPN gateway (172.0.0.1) for the firewall inbound/outbound rules:
While you’ve allowed ICMP traffic for the public IP, ensure there are no deny rules that might be blocking traffic coming from your on-prem network.
Another thing to consider is Cloud NAT, to ping VM instances without an external IP for a more secure connection.
I hope the above information is helpful.
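As an added illustration (not code from this thread or from Google), the following Python model reproduces GCP's documented ingress firewall evaluation order (lowest priority number first, deny wins a tie at equal priority, implied deny-ingress at 65535) to show the situation the answer warns about: an allow-ICMP rule from 0.0.0.0/0 lets internet pings through while a higher-priority deny rule still blocks the on-prem 10.0.0.0/24 range from the thread. The VM's internal IP, the network tag and the deny rule are assumptions for the example.

```python
"""Model of GCP VPC ingress firewall evaluation (illustration only).

Not code from the thread or from Google: a small simulator of the
documented rule order, used to show why a VM can answer pings from the
internet yet stay unreachable over the VPN from 10.0.0.0/24.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    name: str
    priority: int            # 0..65535, lower number is evaluated first
    action: str              # "allow" or "deny"
    protocols: set           # e.g. {"icmp"} or {"all"}
    source_ranges: list      # CIDR strings
    target_tags: set = field(default_factory=set)  # empty = all instances


# Every VPC network carries an implied deny-ingress rule at lowest priority.
IMPLIED_DENY = Rule("implied-deny-ingress", 65535, "deny", {"all"}, ["0.0.0.0/0"])


def evaluate_ingress(rules, src_ip, protocol, instance_tags):
    """Return (action, rule name) of the first matching rule by priority."""
    src = ip_address(src_ip)
    # Same priority: deny is evaluated before allow, as GCP documents.
    ordered = sorted(rules + [IMPLIED_DENY],
                     key=lambda r: (r.priority, 0 if r.action == "deny" else 1))
    for rule in ordered:
        if rule.target_tags and not (rule.target_tags & instance_tags):
            continue                       # rule does not apply to this VM
        if not ("all" in rule.protocols or protocol in rule.protocols):
            continue                       # protocol not covered by the rule
        if any(src in ip_network(cidr) for cidr in rule.source_ranges):
            return rule.action, rule.name
    raise AssertionError("unreachable: the implied deny always matches")


# Rule set from the thread: allow ICMP from anywhere to the tagged VM ...
ALLOW_ICMP_ANY = Rule("allow-icmp-any", 1000, "allow", {"icmp"}, ["0.0.0.0/0"], {"vpn-vm"})
# ... plus an assumed, higher-priority deny covering private ranges.
DENY_PRIVATE = Rule("deny-private-ranges", 900, "deny", {"all"}, ["10.0.0.0/8"])
# The narrower allow the answer recommends: only the on-prem range as source.
ALLOW_ICMP_ONPREM = Rule("allow-icmp-onprem", 800, "allow", {"icmp"}, ["10.0.0.0/24"], {"vpn-vm"})


def ping_from_onprem(rules):
    """ICMP from an assumed on-prem host in the thread's 10.0.0.0/24 range."""
    return evaluate_ingress(rules, "10.0.0.25", "icmp", {"vpn-vm"})


def ping_from_internet(rules):
    """ICMP from a constructed public source address."""
    return evaluate_ingress(rules, "203.0.113.9", "icmp", {"vpn-vm"})
```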