I am testing out the capabilities of the vMX in Google Cloud. I have successfully setup a site to site VPN to my office MX, and now I want to see if the vMX can act as just a Client VPN into Google Cloud.
This leaves me some questions:
Can the vMX provide a Client VPN when the vMX is in passthrough mode?
I presume I need to give the vMX a public IP address. From a security point of view, is it safe to give it a public address.
I'm not sure about Google Cloud specifically, but most cloud providers (AWS/Azure) do not route private subnets behind the vMX (for example the client VPN subnet in this case) out to the internet. However, VPN clients are still able to access cloud resources if you configure routing correctly.