VPN Gateway allows you to connect on-premises data centers, corporate networks, individual clients to Alibaba Cloud Virtual Private Cloud (VPC) networks through encrypted tunnels. This topic describes how to connect an on-premises data center to a VPC by using an IPsec-VPN tunnel.
Prerequisites
- The gateway device that you use to connect to Alibaba Cloud supports the standard IKEv1 and IKEv2 protocols. In this example, IKEv2 must be supported because multiple subnets are configured. Compatible devices include certain models manufactured by Huawei, H3C, Hillstone, Sangfor, Cisco ASA, Juniper, SonicWall, Nokia, IBM, and Ixia.
- The gateway device has a static public IP address assigned.
- The IP address ranges of the on-premises network do not overlap the IP address ranges of the VPC.
Background information

You can select User-created database connected over Express Connect, VPN Gateway, or Smart Access Gateway when you create a replication task in data migration, data synchronization, or change tracking mode, and then enter the private IP address of your on-premises database.
Precautions
If you have already connected your on-premises networks to Alibaba Cloud, you can skip the steps of VPN tunnel setup. However, you need to whitelist DTS servers in your VPN settings and create several static routes. To do this, follow these steps:
Billing
VPN Gateway is a paid service. For more information, see Billing.