Also See: Hosting Services FAQ: VPN.
VPN stands for Virtual Private Network. In Jive's case, it is a logical network "tunnel" between a Jive Hosted datacenter and a customer's office or datacenter to simulate a network connection directly between Jive servers and customer servers. It does this via a unique, encrypted traffic flow over the internet between Jive and customer sites. We offer this to support some customer security requirements for authentication/user services and/or custom application requirements.
The VPNs that Jive builds and supports are unidirectional tunnels. Traffic is initiated from the Jive hosted network to the customer's corporate network. We do not allow incoming connections across the tunnel to the Jive Hosted network.
VPN connectivity is only available as a purchased module. Please contact your account representative if you would like more information about purchasing a VPN connection for your community. If you have already purchased a VPN module, a case will be opened in your Jive Community group with more information on the setup process, once the request has been processed by our Order Desk department.
Jive Hosting will post a reply to the setup case in your support group with a list of details that need to be provided or confirmed in order to begin the setup process. Once this information is supplied, we will use it to create a design diagram specific to your environment to illustrate how traffic would flow across the VPN. An example of this diagram can be seen below.
In addition to the diagram, Hosting will supply NAT (Network Address Translation) assignments from the Jive Interface Network. Once both parties agree on a design, Jive will implement the configuration and provide the pre-shared key. The typical turnaround time for Hosting to complete the Jive side of the configuration is 7 business days.
Jive uses a /28 IP block from its public IP pool to source-NAT connections into the customer side of the tunnel. This ensures unique IPs are used, and alleviates the need for mandatory NAT on the customer side of the tunnel.
Please Note: VPN configurations prior to October 2012 required NAT on both sides of the tunnel. The current implementation removes this requirement by dual-NAT'ing on the Jive side for the Jive->Customer outbound connections. A customer is still welcome to NAT within their IP space if they choose.
Below are Jive's configuration standards. In your setup case Hosting will ask you to confirm if you prefer the standard, or a supported alternate.
- Phase 1:
  - Authentication Method: Preshared Keys
  - Diffie-Hellman Group: Group 2
  - Authentication / Hash: sha1
  - Encryption: AES 256 (preferred) or 3DES
  - Phase 1 Lifetime: 10800 seconds (preferred) or 86400 seconds
  - Dead Peer Detection: Enabled (preferred) or Disabled
- Phase 2 (ESP):
  - Authentication / Hash: sha1 (hmac-sha1-96)
  - Encryption: AES 256 (preferred) or 3DES (not preferred)
  - Phase 2 Lifetime: 3600 seconds (preferred) or 86400 seconds (only if p1 is also 86400)
  - Perfect Forward Secrecy: Disabled (preferred) or Enabled
- Interesting Traffic ACL aka Proxy-ID aka Encryption Domain:
  - US1: Customer / Jive: 0.0.0.0/0 18.104.22.168/28
  - EU1: Customer / Jive: 0.0.0.0/0 22.214.171.124/28
  - Jive can support a more specific subnet/prefix on the customer side, however, only one ACL/proxy-id can be configured.
    - Supported: Customer/Jive
      - single line: 172.20.30.0/24 126.96.36.199/28
    - Not supported: Customer/Jive
      - line 1: 172.20.30.100/32 188.8.131.52/28
      - line 2: 172.20.30.200/32 184.108.40.206/2
    - Supported: Customer/Jive
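As an added example (not Jive's own tooling), the Python below checks a customer's proposed parameter sheet against the standards listed above, including the rule that an 86400-second Phase 2 lifetime requires an 86400-second Phase 1 lifetime and the single proxy-ID limit. The dictionary key names and the `check_proposal` function are hypothetical, and the /28 check on the Jive side is an assumption drawn from the /28 source-NAT block described earlier.

```python
import ipaddress

# Transcribed from the list above as key: (preferred, supported alternates). Key names are hypothetical.
STANDARD = {
    "p1_auth": ("psk", ()),
    "p1_dh_group": (2, ()),
    "p1_hash": ("sha1", ()),
    "p1_encryption": ("aes256", ("3des",)),
    "p1_lifetime": (10800, (86400,)),
    "dpd": (True, (False,)),
    "p2_hash": ("sha1", ()),
    "p2_encryption": ("aes256", ("3des",)),
    "p2_lifetime": (3600, (86400,)),
    "pfs": (False, (True,)),
}

def check_proposal(proposal, proxy_ids):
    """Return (errors, notes); proxy_ids is a list of (customer_prefix, jive_prefix)."""
    errors, notes = [], []
    for key, (preferred, alternates) in STANDARD.items():
        if key not in proposal:
            errors.append(f"{key}: missing")
            continue
        value = proposal[key]
        if value == preferred:
            continue
        if value in alternates:
            notes.append(f"{key}: {value!r} is a supported alternate to {preferred!r}")
        else:
            errors.append(f"{key}: {value!r} is not supported")
    # Cross-field rule: Phase 2 may use 86400 only when Phase 1 does too.
    if proposal.get("p2_lifetime") == 86400 and proposal.get("p1_lifetime") != 86400:
        errors.append("p2_lifetime: 86400 requires p1_lifetime 86400")
    # Only one ACL/proxy-id pair can be configured on the tunnel.
    if len(proxy_ids) != 1:
        errors.append(f"proxy_ids: expected exactly 1 pair, got {len(proxy_ids)}")
    for customer, jive in proxy_ids:
        try:
            ipaddress.ip_network(customer)  # strict parse: rejects prefixes with host bits set
            jive_net = ipaddress.ip_network(jive)
        except ValueError as exc:
            errors.append(f"proxy_ids: {exc}")
            continue
        if jive_net.prefixlen != 28:  # assumption: Jive side is the /28 source-NAT block
            errors.append(f"proxy_ids: Jive side {jive} is not a /28")
    return errors, notes
```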
Please see the Hosting Services FAQ: VPN. If you have not yet purchased a VPN, please contact your Jive Account Manager. If you have questions about a new or existing VPN implementation, please feel free to file a support case.