Rescale VPN Setup Workflow

Connect Rescale with your on-premise resources

This document will guide you through the preparation work and the steps to establish a VPN connection to the customer's on-premise network.



Establishing a VPN connection enables Rescale servers to communicate with customer corporate networks. Communication with customer corporate networks is common to connect Rescale to a customer license server, to provide access to a Remote Desktop in the Rescale cloud for remote visualization, or for additional access security to a company's Rescale accounts.


The process for establishing a VPN connection requires access to the VPN Gateway and company firewall administration settings. Rescale recommends that prior to starting the VPN setup, customer IT/Network does the following:

  1. Establish a Company Administrator account. To do this, if the administrator already has a Rescale account, simply connect with support via chat or send an email to to request Company Administrator rights. To establish a new account, navigate to, select "Log In" and then select "Sign Up." Once the account is established, either connect with support via chat or send an email to to request Company Administrator rights.

  2. Gather the VPN gateway IP address and the private IP address(es) of the license server(s). These will be used in Step 2 of Setup Workflow.

Supported Devices and Exceptions

Given the number of make/model/software version combinations that are prevalent, it is important to be aware of the devices that are typically supported by VNS3 for the the VPN setup.

VNS3 supports most IPsec data center solutions, these solutions include but are not limited to:

Most models from Cisco Systems*, Juniper, Watchguard, Dell SONICWALL, Netgear, Fortinet, Barracuda Networks, Check Point*, Zyxel USA, McAfee Retail, Citrix Systems, Hewlett Packard, D-Link, WatchGuard, Palo Alto Networks, OpenSwan, pfSense, and Vyatta/VyOS.

Recomended IPsec Devices:

Any IPsec device that supports: IKE1 or IKE2, AES256 or AES128 or 3DES, SHA1 or MD5, and most importantly NAT-Traversal standards.

Noteable Exceptions to Supported Devices:

Checkpoint R65+ requires native IPSec connections. This is due to the fact that Checkpoint does not conform to NAT-Traversal Standards, Cisco ASA 8.4(2)-8.4(any) and Cisco ASA-X 9.2(any)-9.6.1. There are complicatations present that prevent a stable connection from being maintained.

Setup Workflow

1) Customer primary POC establishes connection with Rescale support

The primary point of contact on the customer side should initiate the VPN setup process by establishing a person-to-person link with a Rescale support engineer that will assist with the setup. The customer primary contact can reach Rescale support via support chat on the Rescale platform or at

2) Rescale proposes a IP subnet range of customer's Dedicated Company Private Network

The Rescale support engineer will propose a tentative IP subnet range for the customer's dedicated company private network to the customer IT/Network contact. The customer IT/Network contact should ensure that this subnet range should not overlap with the on-premise infrastructure. If the proposed subnet range overlaps with the customer's on-premise infrastructure, Rescale support and the customer IT/Network team will work together to negotiate the IP subnet range and come up with a range that works for both sides

3) Customer provides VPN Gateway IP address and License Server's private IP address, cloud provider and Endpoint information

After appropriate negotiations and agreement on the proper IP range, the customer IT/Network team will provide: 1) Their VPN gateway IP address for the VPN connection and 2) The private IP address(es) of the license server(s) 3) What license softwares and services they are using along with the port information 4) What cloud provider are they using for the VPN tunnel setup 5) How many endpoints are they willing to have and send the above information to the dedicated Rescale support engineer contact or to

Note : We support various deployment options like, Single cloud single region, Single cloud multi region, Multi-cloud single region and Multi-cloud multi region

4) Rescale provisions the customer resources

Rescale support will provision the VPN related resources stack after receiving the information above. Once the resource stack is provisioned, the Rescale support engineer will send all the information to "Cohesive" and hand over the details for the next steps to complete the VPN setup.

5) Cohesive sends out the VPN checklist to customer IT/Network team

Next, Cohesive Networks support Engineer will reach out to the customer Network/IT contact in the company and share a VPN checklist, which should be completed by the customer IT/Network team and share the completed checklist with Cohesive support.

6) Customer configures the VPN connection

Next, the customer IT/Network team will use the configuration script/file and pre-shared keys provided by Cohesive Networks support engineer to configure the VPN tunnels in the VPN gateway device. With the VPN configuration file and pre-shared keys retrieved, the customer will configure the VPN tunnels and establish the connection in the VPN gateway device.

7) Customer configures on-premises firewall

In order for the nodes launched in the dedicated company private network and to checkout licenses from the on-premise license server through the VPN connection, license and vendor ports (aka vendor daemon port) need to be allowed for inbound on customer-side firewall. The customer IT/Network team should update firewall rules to enable this action.

Please note that if the license server is using floating licenses, the floating vendor port needs to be fixed in the license file (instructions to fix the vendor port are here). Upon completion of these actions, please send an email to the Rescale support engineer.

8) Rescale tests VPN connectivity and license checkout

After the VPN connection is established, Cohesive Networks support engineer will hand over the update to Rescale engineers and they will launch a test node in dedicated company private network to test the connectivity to customer's on-premise license server. If the license server status can be successfully queried from the test node, the VPN connection is established successfully.

Please Note: Rescale support engineer should have permissions to create a test account in the company for testing. This should be confirmed before the testing is initiated and to avoid any delay in the setup completion

Links to Platform Integrations Pages

Should you require a region specific Integration page, the following table of links will take you to the desired Platform.

Platform Region Integrations link
United States US Integrations
European Union EU Integrations
Japan JP Integrations
South Korea KR Integrations