Some or all of the information on this page might not apply to Trusted Cloud by S3NS.
Choose a connection option for internal-only VMs
This document provides an overview of the methods that you can use to connect to
a Compute Engine virtual machine (VM) instance through its internal IP
address. Connecting to a VM using its internal IP address is useful if you
isolate VMs from external networks by removing their external IP addresses or
restricting inbound traffic to their external IP addresses.
If your VMs have external IP addresses, you can
connect using external IP address.
Options
The following table summarizes the SSH options for connecting to VMs through
their internal IP addresses.
| Method |
Best used when |
| SSH tunneling with IAP |
You don't want any external IP address access to any VMs in your
project. You can use IAP on all Linux VMs, including
bastion host VMs and VMs within projects that use Cloud VPN or
Cloud Interconnect. |
| Bastion host VMs |
You have a specific use case, like session recording, and you can't use
IAP. |
| Cloud VPN or Cloud Interconnect |
Your organization has configured
Cloud VPN
or
Cloud Interconnect
for their networking needs.
Cloud VPN and Cloud Interconnect are separate Trusted Cloud by S3NS
products that aren't included in Compute Engine pricing.
|
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-07-02 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-02 UTC."],[[["This document outlines how to connect to Compute Engine virtual machines (VMs) using their internal IP addresses, particularly useful when VMs are isolated from external networks."],["Connecting via internal IP is an alternative to using an external IP address, for which separate instructions are available."],["SSH tunneling with Identity-Aware Proxy (IAP) is recommended when external IP access to VMs is restricted and is compatible with bastion hosts and VMs within projects using Cloud VPN or Cloud Interconnect."],["Bastion host VMs are an option for specific cases, such as session recording, where IAP is not suitable."],["Cloud VPN or Cloud Interconnect can be used for SSH access if they are already set up within the organization, noting these are separate products from Compute Engine."]]],[]]
