Skip to contentSkip to navigationSkip to topbar
Rate this page:
On this page

Virtual Private Network

Interconnect VPN allows you to establish a virtual point-to-point connection to Twilio with IPsec tunnels that provide the functionality, security, and management policies of a private network. All you need is an IPsec VPN Gateway with connection to the Internet.


Types of VPNs

types-of-vpns page anchor

A type of VPN that established secure communication channels based on predefined policies or rules. These policies dictate which network traffic should be encrypted and sent over the VPN tunnel.

VPN Gateway

vpn-gateway page anchor

A network device (e.g. router, firewall) supporting IPsec protocol suite. The device needs to have an interface on the internet and be assigned an IPv4 address which is globally addressable/routable on the Internet.

One or more of your IP networks that will have access to Twilio. Your border devices (e.g. IP-PBX, SIP-PRI IAD, Session Border Controller, NAT gateway, etc.) will reside in these networks. in other words, these are the IP Addresses of the networks where you want them to communicate with Twilio through the IPsec tunnel.



Note that your Encryption Domain (IP routes) have to be globally unique ("public IPs") - as opposed to RFC 1918(link takes you to an external page) address ranges - to avoid conflicts with other networks that Twilio platform is peered with. In other words, your IP routes have to be outside of the following ranges :

  • -
  • -
  • -

The computer system (physical hardware device or a virtual machine performing those tasks) that monitors and controls the flow of traffic in and out of your network (incoming and outgoing traffic). The firewall will have to allow your border devices to communicate with the Twilio network.

In order for various Twilio products to function properly, you need to allow all Twilio's IP routes on your firewall.

Twilio has VPN gateway(s) at each Twilio Interconnect Exchange location.

All Twilio signaling and media traffic will be initiated from fixed IP networks. Each Twilio Interconnect location has its own unique IP routes.

Twilio's VPN gateway and encryption domain details will be provided to you once you sign up for a VPN connection.

Twilio Interconnect VPN connection

twilio-interconnect-vpn-connection page anchor

Twilio will provision bandwidth for your connection at the Twilio Exchange location specified by you. See connection bandwidth and location options listed here. For high availability, we strongly recommend connecting to at least two of our geographically redundant Twilio Interconnect locations. For example, you can select a 100-Mbps connection in Ashburn, Virginia and a 100-Mbps connection in San Jose, California to create redundant connections to Twilio on both coasts of the United States. Similarly, this can be accomplished by having connections to London and Frankfurt in Europe and Singapore and Tokyo or Sydney in the APAC region.

Twilio will issue a pre-shared key for IKE phase 1 authentication and send the key to you via a secure communication channel.

Configuring your private connection to Twilio

configuring-your-private-connection-to-twilio page anchor

Step 1: Submit a provisioning request in Twilio Console

step-1-submit-a-provisioning-request-in-twilio-console page anchor

You will need to provide the following information:

  • Type of IPsec VPN: route-based or policy-based.
  • Desired connection exchange location.
  • Desired bandwidth.
  • VPN Gateway IP.
  • [Route-based] Public BGP Interface IP if you would like to use your own. If not, Twilio can assign a private BGP Interface IP from the link local range 169.254.X.X.
  • [Route-based] Public Autonomous System Number (ASN) if you have one. Twilio can assign a private one for you if you don't have one already.
  • [Route-based] BGP Prefix.
  • [Policy-based] Encryption Domain.

Step 2: Receive IPsec VPN configuration details from Twilio

step-2-receive-ipsec-vpn-configuration-details-from-twilio page anchor

You will be informed once your IPSec VPN has been configured. At this point your IPSec VPN configuration details including your PSK will be viewable in Console.

Step 3: Bring the IPSec tunnel up

step-3-bring-the-ipsec-tunnel-up page anchor

Configure your VPN Gateway using Twilio's IPsec VPN specification and your unique PSK from the above. Advertise Twilio IP routes to your internal network (i.e reverse route injection). This will allow your SIP-enabled elements route traffic to Twilio.

Rate this page: