Configuring a VPN Connection to BEEM
Learn how to set up a secure VPN tunnel between your on-premises network and BEEM for encrypted data transfers from firewall-protected sources.
BEEM offers an optional VPN service for secure data transfers from your internal network, databases, or data warehouses to your dedicated BEEM cloud environment.
When You Need a VPN
- Your data sources are behind a firewall
- You have on-premises databases or warehouses
- Your security policy requires encrypted point-to-point connections
Gather Your Network Information
Prepare these details about your infrastructure:
| Requirement | Details |
|---|---|
| ISP information | Provider name and connection speeds |
| External gateway IP | Static or dynamic |
| Routing preference | Static or BGP dynamic routing |
| VPN device | Vendor and model (Fortinet, pfSense, Palo Alto, etc.) |
| Firmware/OS version | Current version running on the device |
| On-premises CIDR range | Your internal network address range |
Reserved address rangeThe
192.168.0.0/16address range is reserved and cannot be used for BEEM VPN connections. Alternative ranges are available.
Contact BEEM to Start Setup
- Send your network information to [email protected] or your BEEM account manager
- The BEEM Advanced Data Services team will provide:
- Endpoint configuration details
- Pre-shared keys and tunnel parameters
- Device-specific setup instructions tailored to your hardware
Implement on Your Side
- Import the provided settings into your VPN appliance
- Establish dual tunnels for redundancy
- Configure Dead Peer Detection (DPD) on your device with the following settings:
| Parameter | Recommended Value |
|---|---|
| DPD interval | 10 seconds |
| DPD retries | 3 |
| DPD timeout action | Clear (tear down and switch to backup tunnel) |
| Startup action | Start (auto-initiate IKE negotiation) |
- Verify routing connectivity between your network and BEEM
KeepAlive is requiredDPD keepalive serves two critical purposes:
- Maintaining the tunnel: Without keepalive traffic, idle tunnels will be torn down automatically, causing unexpected disconnections.
- Enabling failover: Without DPD, failed tunnels will not be detected and traffic will not automatically switch to the backup tunnel.
This is the most common cause of connectivity issues after initial VPN setup. The settings above follow AWS Site-to-Site VPN best practices and ensure tunnels stay active and failures are detected within approximately 30 seconds.
Joint Testing and Validation
- BEEM schedules a validation session with your team
- Together, confirm:
- Throughput and latency measurements
- Active tunnel redundancy
- Failover behavior with keepalive monitoring
- Once validated, the VPN is production-ready
Key Benefits
- Dual active tunnels ensure continuous operation during outages
- Encrypted point-to-point connection for maximum security
- Works with most enterprise VPN hardware (Fortinet, pfSense, Palo Alto, and others)
Contact [email protected] to start the VPN setup process.