Cisco Router VPN to Google Cloud (GCP)
Setting up Google Cloud end
From Hybrid connectivity, select VPN, then click Create VPN connection.

Select Classic VPN

Give the VPN a name, select the Network and Region for the gateway.
Select an External IP for the gateway or create a new one.

Enter the IP of the Cisco router, enter the pre-shared key, or generate a key.
Select Route-based and enter the local subnets

Click done and the VPN gateway will be completed.

Configuring Cisco Router
ESP and UDP port 500 needs to be open on the firewall.
Configure the IKEv2 tunnel
Create an IKEv2 keyring and add the pre-shared key.
crypto ikev2 keyring GCP
peer GCP
address 34.91.104.31
pre-shared-key FSyf6mxuxafo0Vd5D0n4a9TC53aD6PuA

Create an IKEv2 Proposal and set the encryption and integrity algorithm, and DH group,
crypto ikev2 proposal GCP
encryption aes-cbc-256
integrity sha256
group 14

Create an IKEv2 Policy and add the proposal.
crypto ikev2 policy GCP
proposal GCP

Create an IKEv2 Profile.
crypto ikev2 profile GCP
match identity remote address 34.91.104.31 255.255.255.255
authentication remote pre-share
authentication local pre-share
keyring local GCP

Configure IPsec
Create an IPsec transform-set.
crypto ipsec transform-set GCP esp-aes 256 esp-sha256-hmac
mode tunnel

Create an IPsec profile.
crypto ipsec profile GCP
set transform-set GCP
set pfs group14
set ikev2-profile GCP

Configure a virtual tunnel interface
The tunnel needs to have an IP address assigned, this is not used by Google Cloud so any IP not in use can be used.
interface Tunnel1
description VPN_TO_GCP
ip address 172.31.255.250 255.255.255.255 !! Use anything
ip mtu 1440
ip tcp adjust-mss 1380
tunnel mode ipsec ipv4
tunnel protection ipsec profile GCP
tunnel destination 34.91.104.31
tunnel source x.x.x.x !! Router public IP

Add static routes
Add static routes for Google Cloud subnets
ip route 10.164.0.0 255.255.240.0 Tunnel1
