PingOne Advanced Services

Simple VPN network

The Simple VPN network option supports a wide range of protocols, such as LDAPS and HTTPS, to connect to your resources, including Oracle, Active Directory, and LDAP. The VPN connection also supports REST and some custom protocols in your network.

There are two different types of Simple VPN networks:

Single VPN network

This model uses a single VPN connection for each region.

Single VPN network diagram
Diagram of a Single VPN network.
Split VPN network

With this model, one connection is used for production environments (Prod and Stage), and the other connection is used for non-production environments (Dev and Test). If a split VPN connection is configured, the customer must supply a unique, customer-side router IP address for each connection. They are not redundant connections. Refer to the following diagram for details.

Split VPN network diagram
Diagram of a split VPN network.

Additional items to consider include:

  • The type of VPN used must be on the list of VPNs supported by AWS.

  • A Site-to-Site VPN connection is used to connect your remote network to a VPC, which requires you to provide IP addresses. Each Site-to-Site VPN connection has two tunnels, with each tunnel using a unique public IP address. You should configure both tunnels for redundancy. Learn more in Tunnel options for your Site-to-Site VPN connection.

  • For this type of network, you will need to provide a /24 CIDR block from your RFC1918 IP space for the VPN landing zone. All the private PingOne Advanced Services private endpoints that you connect to will be within the specified IP range in your AWS account.

To learn more, see What is AWS Site-to-Site VPN? in the AWS Site-to-Site VPN User Guide.

To learn more about additional items that you might also need to consider, see Setup considerations