# Google Cloud
## Step 1 - Creating a new cloud connection
[Log in to the GoodAccess **Control Panel**, and go to **Network** > **Clouds & Branches**.](https://app.goodaccess.com/branches/)
Click **+ Add new**, enter a **Name** (e.g., GCP Production), select the required **Gateway**, and define the **Subnets** **of your Google Cloud VPC** (using CIDR notation).
Choose **IPSec** **Protocol**, and click **Continue**.
Fill out the configuration form (Public IP, Pre-Shared Key, etc.). These parameters must match the configuration you will set in your Google Cloud environment in the next steps.
Click **Submit** to finish, or **Continue** to define optional **Branch Segments** for finer access control.
{% hint style="info" %}
You may return to the configuration via the **Edit** button of your Cloud at any time.
{% endhint %}
{% hint style="info" %}
**Example of configuration (Default preset):**
* **Shared Secret** - Create a new strong password
* **Public IP** - IP of your Google Cloud VPN gateway
* **IKE Lifetime (Phase 1)** - 8 hours (28800 seconds)
* **Tunnel Lifetime (Phase 2)** - 1 hour (3600 seconds)
* **Dead Peer Detection Delay** - 30 seconds
* **Encryption (Phase 1)** - aes256
* **Encryption (Phase 2)** - aes256
* **Integrity (Phase 1)** - sha256
* **Integrity (Phase 2)** - sha256
* **Diffie-Hellman Groups (Phase 1)** - 16 - modp4096
* **Diffie-Hellman Groups (Phase 2)** - 16 - modp4096
{% endhint %}
## Step 2 - Creating a new VPN connection
Log in to the [Google Cloud console](https://console.cloud.google.com/), and go to [**Network Connectivity** > **VPN**](https://console.cloud.google.com/hybrid/vpn/), and click **Create VPN Connection**.
Select **Classic VPN**, and click **Continue**.
Creating a new VPN connection
Creating a new VPN connection
### VPN gateway
* **Name** - Give the VPN gateway a name
* **Network** - Select default or a specific VPC
* **Region** - Preferably the region in which your resources lie
* **IP address** - Create an IP address
Setting up a new VPN gateway
### Tunnels
* **Name** - Give the tunnel a name
* **Remote peer IP address** - IP of your GoodAccess Gateway
* **IKE version** - IKEv2
* **IKE pre-shared key** - Shared Secret [(Step 1)](#step-1-creating-a-new-cloud-connection)
* **Routing options** - Route-based
* **Remote network IP ranges** - Subnet of your GoodAccess Gateway
Click **Done** and then **Create**.
Setting up tunnel for the new VPN gateway
You have now successfully connected your Google Cloud resources to GoodAccess.
{% hint style="warning" %}
**Firewall rules**
Make sure you allow connections from your **GoodAccess Gateway private subnet** to the resources in your **VPC** (e.g., virtual machines, databases, etc.).
Depending on your Google Cloud security setup, you may need to allow this communication in:
* **Cloud Firewall**
* **Cloud NGFW**
{% endhint %}
{% hint style="info" %}
**You may check the status of the connection in:**
* **GoodAccess:** Go to **Control Panel > Network > Clouds & Branches** to view the tunnel status. Use the **Test Connection** button to validate the IPsec tunnel itself, or optionally to test a specific system (target must have ICMP enabled).
* **Google Cloud:** Go to **Network Connectivity > VPN**.
{% endhint %}
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://support.goodaccess.com/configuration-guides/cloud-connector/google-cloud.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.