VPN Gateway is an Internet-based service that allows you to connect enterprise data centers, office networks, or Internet-facing terminals to Alibaba Cloud Virtual Private Cloud (VPC) networks through encrypted tunnels. This topic describes how to connect an on-premises data center to a VPC by using the IPsec-VPN function.
Prerequisites
- The gateway device of the on-premises data center operates as expected.
Alibaba Cloud VPN Gateway supports the standard IKEv1 and IKEv2 protocols. In this example, IKEv2 must be supported because multiple CIDR blocks are configured. The gateway device can be manufactured by Huawei, H3C, Hillstone, Sangfor, Cisco ASA, Juniper, SonicWall, Nokia, IBM, or Ixia.
- A static public IP address is configured for the gateway device of the on-premises data center.
- The CIDR block of the on-premises data center does not overlap the CIDR block of the VPC.
Background information

After the on-premises data center is connected to Alibaba Cloud VPC through IPsec-VPN, you can have a secure, fast, and stable network environment. You can specify a database that is deployed in the on-premises data center as a user-created database connected over Express Connect, VPN Gateway, or Smart Access Gateway. This is applicable when you use DTS for data migration, data synchronization, or change tracking.
Precautions
If the on-premises data center is already connected to Alibaba Cloud VPC, you can perform the following steps:
Billing
You are charged for creating a VPN gateway. For more information, see Billing.