Appian VPN Connection Worksheet
In order to setup a VPN connection between your private network and each Appian Cloud
instance, please complete sections in yellow and submit the form to Appian over a Technical
Support Case. Appian will provide the items in green and will coordinate the new
configuration with you.
Appian Cloud Instance URL (please specify multiple if enabling VPN in more than one
environment): [Link]
Purpose of the VPN tunnel: RDBMS Linking
Will this VPN tunnel have failover enabled?: No
Please note the following restrictions:
If not using DNS-based resolution, the customer private network address space must
not involve any IP address in the [Link]/8 or [Link]/12 subnets. You should
instead use NAT to expose them in a different subnet.
The only allowed subnets for Appian’s private network address are [Link]/24
and [Link]/24.
If enabling failover, then a single IP address will be required for purpose of
determining health of the VPN tunnel via ping. If the device is not reachable via
ping, then failover will be attempted to the secondary gateway. The IP address in
private network space must be reachable via both Customer VPN Gateways for
proper failover configuration.
Appian Customer
VPN Gateway IP Address This information shall be [Link]
provided by Appian.
Private network address [Link]/24 [Link]/8
space
*Failover IP to ping NONE at this Time
*Failover Secondary NONE at this Time
Gateway IP Address
*optional field, only required if enabling failover
FQDN Configuration
If you would like to use DNS-based resolution to reference your servers by fully qualified
domain name (FQDN), please fill out the following. If not using DNS, you will simply
reference your servers by IP:
Domain Name (All resources you would like to access over the VPN tunnel must have
FQDNs within this domain): *.[Link]
DNS server IP addresses for domain: [Link]
IPSec Configuration
IPSec pre-shared key:
This information shall be provided by Appian over the phone, consistent with good security practices. A
�Please select option 1 below for IPSec configuration. If neither option works for you, please
propose another configuration by filling out the “Other” column.
Option Selected: Option 1
Option 1 Other
(recommended)
Phase 1
Encryption aes-256-cbc Click here to enter text.
Algorithm
Authentication sha2-256 Click here to enter text.
algorithm
Lifetime 28800 seconds Click here to enter text.
Exchange type Main Click here to enter text.
DH Group Group 2 (1024 bit) Click here to enter text.
Phase 2
Encryption aes-256-cbc Click here to enter text.
algorithm
Authentication sha2-256 Click here to enter text.
algorithm
Perfect Forward Group 2 (1024 bit) Click here to enter text.
Secrecy
Key Lifetime 3600 seconds Click here to enter text.
Acknowledgement
By setting up a VPN tunnel, your Appian Cloud instance(s) will have access to resources on
your corporate infrastructure. We recommend that you implement firewall policies on your
firewall to control what the Appian Cloud instance(s) have access to.
By writing your initials in the box below you accept responsibility for managing the
appropriate firewall configurations to protect your corporate infrastructure. You also accept
any security risks associated with modifying a firewall configuration: LAJ