Thalassa Cloud Thalassa Cloud
Sign in Sign up

IPSEC Site-to-Site Gateway In development

Secure, encrypted connections between your cloud infrastructure and on-premises networks or other cloud environments. IPSEC VPN with high availability.

Sign up for a free account

IPSEC Site-to-Site Gateway for Hybrid Cloud

Connect your Thalassa Cloud infrastructure to on-premises datacenters, branch offices, or other cloud providers with encrypted IPSEC tunnels. Full control over routing, security policies, and network segmentation.

Enterprise-Grade Security

Industry-standard IPSEC implementation with AES-256 encryption, SHA-256 integrity, and perfect forward secrecy. Support for IKEv1 and IKEv2 protocols with customizable security associations.

  • AES-256 encryption for data protection
  • SHA-256 integrity checking
  • Perfect forward secrecy
  • IKEv1 and IKEv2 protocol support

High Availability

Built-in redundancy with automatic failover and health monitoring. Multi-zone deployment ensures your VPN connections remain available during infrastructure maintenance or failures.

  • Automatic failover for continuous connectivity
  • Multi-zone deployment for resilience
  • Continuous health monitoring
  • Automatic tunnel re-establishment

VPC Integration

Seamlessly integrate with VPC networks, security groups, and routing tables. Connect multiple VPCs to the same on-premises network or create isolated connections per VPC.

High Availability

Built-in redundancy with automatic failover and health monitoring. Multi-zone deployment ensures your VPN connections remain available during infrastructure maintenance or failures.

Use Cases

Hybrid Cloud

Connect your Thalassa Cloud infrastructure to on-premises datacenters securely. Extend your corporate network to the cloud while maintaining security and compliance.

  • Secure connection between cloud and on-premises
  • Extend corporate networks to the cloud
  • Maintain security and compliance requirements
  • Integration with existing network infrastructure

Multi-Cloud

Create secure connections between cloud regions or different cloud providers. Build multi-cloud architectures with encrypted connectivity between all sites.

  • Connect multiple cloud regions securely
  • Multi-cloud connectivity between providers

Disaster Recovery

Establish secure connectivity for disaster recovery and backup scenarios. Ensure reliable connectivity between primary and DR sites with automatic failover.

  • Secure DR site connectivity
  • Backup and replication connectivity
  • Automatic failover

Branch Offices

Connect remote branch offices to your cloud infrastructure securely. Provide branch offices with access to cloud resources and services.

  • Secure branch office connectivity
  • Access to cloud resources from branches
  • Centralized network management

Frequently Asked Questions

IPSEC Site-to-Site and VPN Gateway serve different use cases:

  • IPSEC Site-to-Site: Permanent encrypted connections between networks (cloud-to-on-premises, cloud-to-cloud). Uses IPSEC protocol, typically for infrastructure-to-infrastructure connections.
  • VPN Gateway (WireGuard): Remote access VPN for individual users or devices. Uses WireGuard protocol, designed for user-to-cloud connections with simple configuration.

Use IPSEC Site-to-Site for connecting networks, and VPN Gateway for remote user access.

IPSEC Site-to-Site Gateway supports industry-standard encryption and security:

  • Encryption: AES-256 (recommended), AES-128
  • Integrity: SHA-256
  • Key Exchange: IKEv1 and IKEv2 protocols
  • Perfect Forward Secrecy: Supported with Diffie-Hellman groups
  • DH Groups: Multiple options including group 14, 15, 16

All connections use strong encryption by default.

IPSEC Site-to-Site Gateway provides high availability through multi-zone deployment and automatic failover:

  • Multi-zone deployment: Gateways deployed across multiple availability zones
  • Automatic failover: Failover to healthy gateways during failures
  • Automatic re-establishment: Tunnels automatically re-established after failures

This ensures your VPN connections remain available even during infrastructure maintenance or failures.

IPSEC Site-to-Site Gateway does not (yet) support BGP for dynamic routing

This is a feature that is still on our roadmap and will be implemented in the future.

IPSEC Site-to-Site Gateway is compatible with standard IPSEC equipment:

  • Most enterprise firewalls and routers with IPSEC support
  • Cisco ASA, Fortinet FortiGate, Palo Alto Networks, pfSense, VyOS, and other open-source solutions
  • Any device supporting IKEv1 or IKEv2 with standard IPSEC

As long as your on-premises equipment supports standard IPSEC protocols (IKEv1/IKEv2), it should be compatible with our gateway.

European Public Cloud

DevOps-First Cloud

Deploy and manage your cloud-native applications with our European based public cloud. Access powerful APIs, Kubernetes orchestration, and DevOps tools designed for modern infrastructure.

GDPR Compliant

EU Data Sovereignty

API First

Terraform & REST API

Kubernetes

Self-Service Kubernetes as a Service

High Performance

NVMe Storage, CPU and network

Launch Your Cloud Journey

Code. Ship. Scale. • Pay-as-you-go pricing