Skip to content
English - United States
Contact support
  • There are no suggestions because the search field is empty.

Configuring a VPN Connection to BEEM

BEEM offers an optional VPN service for secure data transfers from your internal network, databases, or data warehouses to your dedicated BEEM cloud environment.

When You Need a VPN

  • Your data sources are behind a firewall
  • You have on-premises databases or warehouses
  • Your security policy requires encrypted point-to-point connections

Step 1: Gather Your Network Information

Prepare these details about your infrastructure:

| Requirement | Details |
| --- | --- |
| ISP information | Provider name and connection speeds |
| External gateway IP | Static or dynamic |
| Routing preference | Static or BGP dynamic routing |
| VPN device | Vendor and model (Fortinet, pfSense, Palo Alto, etc.) |
| Firmware/OS version | Current version running on the device |
| On-premises CIDR range | Your internal network address range |

> 🚧 Reserved address range
>
> The `192.168.0.0/16` address range is reserved and cannot be used for BEEM VPN connections. Alternative ranges are available.

Step 2: Contact BEEM to Start Setup

  1. Send your network information to support@beemdata.com or your BEEM account manager
    1. The BEEM Advanced Data Services team will provide:
      • Endpoint configuration details
      • Pre-shared keys and tunnel parameters
      • Device-specific setup instructions tailored to your hardware

Step 3: Implement on Your Side

  1. Import the provided settings into your VPN appliance

    1. Establish dual tunnels for redundancy
    2. Configure Dead Peer Detection (DPD) on your device with the following settings:
    Parameter Recommended Value
    DPD interval 10 seconds
    DPD retries 3
    DPD timeout action Clear (tear down and switch to backup tunnel)
    Startup action Start (auto-initiate IKE negotiation)
    1. Verify routing connectivity between your network and BEEM

    ❗ KeepAlive is required

    DPD keepalive serves two critical purposes:

    • Maintaining the tunnel: Without keepalive traffic, idle tunnels will be torn down automatically, causing unexpected disconnections.
    • Enabling failover: Without DPD, failed tunnels will not be detected and traffic will not automatically switch to the backup tunnel.

    This is the most common cause of connectivity issues after initial VPN setup. The settings above follow AWS Site-to-Site VPN best practices and ensure tunnels stay active and failures are detected within approximately 30 seconds.

Step 4: Joint Testing and Validation

  1. BEEM schedules a validation session with your team
    1. Together, confirm:
      • Throughput and latency measurements
      • Active tunnel redundancy
      • Failover behavior with keepalive monitoring
    2. Once validated, the VPN is production-ready

Key Benefits

  • Dual active tunnels ensure continuous operation during outages
  • Encrypted point-to-point connection for maximum security
  • Works with most enterprise VPN hardware (Fortinet, pfSense, Palo Alto, and others)

Contact support@beemdata.com to start the VPN setup process.